The Edit Comments WordPress plugin through 0.3 does not sanitise, validate or escape the jal_edit_comments GET parameter before using it in a SQL statement, leading to a SQL injection issue
References
Link | Resource |
---|---|
https://codevigilant.com/disclosure/2021/wp-plugin-edit-comments/ | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/e62fb8db-384f-4384-ad24-e10eb9058ed5 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-08-23T11:10:06
Updated: 2021-08-23T11:10:06
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24551
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-23T12:15:09.680
Modified: 2021-08-26T19:15:55.430
Link: CVE-2021-24551
JSON object: View
Redhat Information
No data.
CWE