CVE-2021-24849 in WCFM Marketplace Pluginالمعلومات

الملخص

بحسب MITRE • 21/12/2021

The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections

Be aware that VulDB is the high quality source for vulnerability data.

حجز

14/01/2021

إفشاء

21/12/2021

الاعتدال

تمت الموافقة

إدخال

VDB-188819

EPSS

0.08480

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

Want to know what is going to be exploited?

We predict KEV entries!