• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-89

CVE-2021-24704

February 23, 2023 by

In the Orange Form WordPress plugin through 1.0, the process_bulk_action() function in “admin/orange-form-email.php” performs an unprepared SQL query with an unsanitized parameter ($id). Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually exploitable and could allow attackers to make a logged in admin delete arbitrary posts for example

CVE-2021-24627

February 23, 2023 by

The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an ‘id’ GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection

CVE-2021-24628

February 23, 2023 by

The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a ‘did’ GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authenticated SQL injection

CVE-2021-24629

February 23, 2023 by

The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQL Injections

CVE-2021-24630

February 23, 2023 by

The Schreikasten WordPress plugin through 0.14.18 does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authenticated SQL Injections which can be exploited by users as low as author

CVE-2021-24631

February 23, 2023 by

The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authenticated SQL Injection

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 648
  • Go to page 649
  • Go to page 650
  • Go to page 651
  • Go to page 652
  • Interim pages omitted …
  • Go to page 956
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE