CVE-2021-24132

CWE-89SQL Injection3 documents3 sources
Severity
8.8HIGH
EPSS
0.5%
top 34.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Slider BY 10web10web Slider
Timeline
PublishedMar 18
Latest updateMay 24

Description

The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), or medium one such as Contributor+ (if "Role Options" is turn on for other users) to perform a SQL Injection attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVD10web/slider< 1.2.36
CVEListV5unknown/slider_by_10web1.2.361.2.36

🔴Vulnerability Details

2
GHSA
GHSA-c7r2-qc5v-3hvm: The Slider by 10Web WordPress plugin, versions before 12022-05-24
CVEList
Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection2021-03-18
CVE-2021-24132 (HIGH CVSS 8.8) | The Slider by 10Web WordPress plugi | cvebase.io