1. Home
  2. CVE Database
  3. CVE-2021-24754
HIGH · 7.2

CVE-2021-24754

The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue

Vulnerability Description

The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
MainwpMainwp Child Reports< 2.0.8

Related Weaknesses (CWE)

CWE-89

References

FAQ

What is CVE-2021-24754?

CVE-2021-24754 is a vulnerability with a CVSS score of 7.2 (HIGH). The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue

How severe is CVE-2021-24754?

CVE-2021-24754 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-24754?

Check the references section above for vendor advisories and patch information. Affected products include: Mainwp Mainwp Child Reports.