1. Home
  2. CVE Database
  3. CVE-2021-24835
HIGH · 8.8

CVE-2021-24835

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor pl...

Vulnerability Description

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection attacks

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
WcloversFrontend Manager For Woocommerce Along With Bookings Subscription Listings Compatible< 6.5.12

Related Weaknesses (CWE)

CWE-89

References

FAQ

What is CVE-2021-24835?

CVE-2021-24835 is a vulnerability with a CVSS score of 8.8 (HIGH). The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor pl...

How severe is CVE-2021-24835?

CVE-2021-24835 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-24835?

Check the references section above for vendor advisories and patch information. Affected products include: Wclovers Frontend Manager For Woocommerce Along With Bookings Subscription Listings Compatible.