CVE-2021-24849 in WCFM Marketplace Plugininformação

Sumário

de MITRE • 21/12/2021

The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections

Be aware that VulDB is the high quality source for vulnerability data.

Reservar

14/01/2021

Divulgação

21/12/2021

Moderação

aceite

Entrada

VDB-188819

CPE

pronto

EPSS

0.08480

KEV

não

Atividades

muito baixo

Fontes

Want to know what is going to be exploited?

We predict KEV entries!