mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
CVE-2021-24348
Description
The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users, takes the "did" GET parameter and uses it in an SQL statement without proper sanitisation, validation or escaping, leading to a SQL injection issue.
POC
Reference
- https://codevigilant.com/disclosure/2021/wp-plugin-side-menu/
- https://wpscan.com/vulnerability/e0ca257e-6e78-4611-a9ad-be43d37cf474
Github
No PoCs found on GitHub currently.