Vulnerability Description
The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users, takes the `did` GET parameter and uses it in an SQL statement without proper sanitisation, validation or escaping, leading to an SQL injection issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wow-Estore | Side Menu | < 3.1.5 |
References
- https://codevigilant.com/disclosure/2021/wp-plugin-side-menu/ (Exploit, Patch, Third Party Advisory)
- https://wpscan.com/vulnerability/e0ca257e-6e78-4611-a9ad-be43d37cf474 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-24348?
CVE-2021-24348 is a vulnerability with a CVSS score of 7.2 (HIGH). The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users, takes the `did` GET parameter and uses it in an SQL statement wi...
How severe is CVE-2021-24348?
CVE-2021-24348 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-24348?
Check the references section above for vendor advisories and patch information. Affected products include: Wow-Estore Side Menu.