Vulnerability Description
The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wow-Estore | Side Menu | < 2.2.1 |
Related Weaknesses (CWE)
References
- https://github.com/pang0lin/CVEproject/blob/main/wordpress_side-menu-lite_sqli.m (Exploit, Third Party Advisory)
- https://wpscan.com/vulnerability/eb21ebc5-265c-4378-b2c6-62f6bc2f69cd (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-24521?
CVE-2021-24521 is a vulnerability with a CVSS score of 7.2 (HIGH). The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role o...
How severe is CVE-2021-24521?
CVE-2021-24521 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-24521?
Check the references section above for vendor advisories and patch information. Affected products include: Wow-Estore Side Menu.