CVE-2021-24952 in Conversios.io Pluginالمعلومات

الملخص

بحسب MITRE • 07/03/2022

The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

حجز

14/01/2021

إفشاء

07/03/2022

الاعتدال

تمت الموافقة

إدخال

VDB-194294

EPSS

0.01297

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

Do you know our Splunk app?

Download it now for free!