Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2021-24949
HistoryJan 10, 2022 - 3:30 p.m.

CVE-2021-24949 The Plus Addons for Elementor Pro < 5.0.7 - Unauthenticated SQL Injection

2022-01-1015:30:31
CWE-89
WPScan
www.cve.org
4
cve-2021-24949
elementor pro
unauthenticated sql injection
wordpress vulnerability
sql injection

EPSS

0.002

Percentile

53.0%

JSON

The “WP Search Filters” widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection

CNA Affected

[
  {
    "product": "The Plus Addons for Elementor - Pro",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "5.0.4*",
        "status": "affected",
        "version": "5.0.4",
        "versionType": "custom"
      },
      {
        "lessThan": "5.0.7",
        "status": "affected",
        "version": "5.0.7",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
nvd 1
cve 1
wpexploit 1
wpvulndb 1
patchstack 1
prion
prion
Sql injection
2022-01-10 16:15:00
nvd
nvd
CVE-2021-24949
2022-01-10 16:15:08
cve
cve
CVE-2021-24949
2022-01-10 16:15:08
wpexploit
wpexploit
The Plus Addons for Elementor Pro < 5.0.7 - Unauthenticated SQL Injection
2021-12-13 00:00:00
wpvulndb
wpvulndb
The Plus Addons for Elementor Pro < 5.0.7 - Unauthenticated SQL Injection
2021-12-13 00:00:00
patchstack
patchstack
WordPress The Plus Addons for Elementor Pro premium plugin <= 5.0.6 - Unauthenticated SQL Injection (SQLi) vulnerability
2021-12-13 00:00:00

EPSS

0.002

Percentile

53.0%

JSON
Related for CVELIST:CVE-2021-24949
prion1nvd1cve1wpexploit1wpvulndb1patchstack1