mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
805 B
805 B
CVE-2021-24399
Description
The check_order function of The Sorter WordPress plugin through 1.0 uses an area_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
POC
Reference
- https://codevigilant.com/disclosure/2021/wp-plugin-the-sorter/
- https://wpscan.com/vulnerability/f7af0795-f111-4acc-9b1e-63cae5862f8b
Github
No PoCs found on GitHub currently.