The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users, takes the `did` GET parameter and uses it in an SQL statement without proper sanitisation, validation or escaping, leading to an SQL injection issue.
References
Link | Resource |
---|---|
https://codevigilant.com/disclosure/2021/wp-plugin-side-menu/ | Exploit Patch Third Party Advisory |
https://wpscan.com/vulnerability/e0ca257e-6e78-4611-a9ad-be43d37cf474 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-06-14T13:37:12
Updated: 2021-06-14T13:37:12
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24348
NVD Information
Status: Modified
Published: 2021-06-14T14:15:08.263
Modified: 2023-11-07T03:31:10.930
Link: CVE-2021-24348
Redhat Information
No data.
CWE