CVE-2021-24844

high

Description

The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL injection issue.

References

https://wpscan.com/vulnerability/ebd6d13c-572e-4861-b7d1-a7a87332ce0d

https://plugins.trac.wordpress.org/changeset/2611862/

Details

Source: Mitre, NVD

Published: 2021-11-08

Updated: 2021-11-13

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High