CVE-2021-24484

The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:ays-pro:secure_copy_content_protection_and_content_locking:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2021-08-02 11:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-24484

Mitre link : CVE-2021-24484

CVE.ORG link : CVE-2021-24484


JSON object : View

Products Affected

ays-pro

  • secure_copy_content_protection_and_content_locking
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')