Lucene search
WPScanCVELIST:CVE-2021-24747HistoryDec 13, 2021 - 10:40 a.m.
CVE-2021-24747 SEO Booster < 3.8 - Admin+ SQL Injection
2021-12-1310:40:45
CWE-89
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
38.5%
The SEO Booster WordPress plugin before 3.8 allows for authenticated SQL injection via the “fn_my_ajaxified_dataloader_ajax” AJAX request as the $_REQUEST[‘order’][0][‘dir’] parameter is not properly escaped leading to blind and error-based SQL injections.
CNA Affected
[
{
"product": "SEO Booster",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.8",
"status": "affected",
"version": "3.8",
"versionType": "custom"
}
]
}
]Related
prion
prion
Sql injection
2021-12-13 11:15:00
wpexploit
wpexploit
SEO Booster < 3.8 - Admin+ SQL Injection
2021-11-15 00:00:00
cnvd
cnvd
WordPress SEO Booster plugin SQL injection vulnerability
2021-12-18 00:00:00
nvd
nvd
CVE-2021-24747
2021-12-13 11:15:08
wpvulndb
wpvulndb
SEO Booster < 3.8 - Admin+ SQL Injection
2021-11-15 00:00:00
cve
cve
CVE-2021-24747
2021-12-13 11:15:08
patchstack
patchstack
WordPress SEO Booster plugin <= 3.7 - SQL Injection (SQLi) vulnerability
2021-11-15 00:00:00