CVE-2021-24337

Sažetak

The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection.

Reference

https://codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/
https://wpscan.com/vulnerability/a8fd8dd4-5b5e-462e-8dae-065d5e2d003a

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-07-2021 - 20:06

Objavljeno

07-06-2021 - 11:15