CVE-2021-24340

Sažetak

The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any visitor, including unauthenticated ones.

Reference

https://wpscan.com/vulnerability/d2970cfb-0aa9-4516-9a4b-32971f41a19c
https://www.wordfence.com/blog/2021/05/over-600000-sites-impacted-by-wp-statistics-patch/

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

14-06-2021 - 17:47

Objavljeno

07-06-2021 - 11:15