Vulnerability Description
The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jiangqie | Official Website Mini Program | < 1.1.1 |
Related Weaknesses (CWE)
References
- https://github.com/ja9er/CVEProject/blob/main/wordpress_jiangqie-official-websit (Exploit, Third Party Advisory)
- https://wpscan.com/vulnerability/cbd65b7d-d3c3-4ee3-8e5e-ff0eeeaa7b30 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-24303?
CVE-2021-24303 is a vulnerability with a CVSS score of 8.8 (HIGH). The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues.
How severe is CVE-2021-24303?
CVE-2021-24303 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-24303?
Check the references section above for vendor advisories and patch information. Affected products include: Jiangqie Official Website Mini Program.