CVE-2021-24844

CWE-89: SQL Injection
3 documents, 3 sources

Severity: 7.2 HIGH
EPSS: 0.6% (top 31.48%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline

Published: Nov 8
Latest update: May 24

Description

The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL injection issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages: 2 packages

Patches

Vulnerability Details (2)

GHSA: GHSA-jcf4-w72w-52p8: The Affiliates Manager WordPress plugin before 2 (2022-05-24)
CVEList: Affiliate Manager < 2.8.7 - Admin+ SQL injection (2021-11-08)