CVE-2021-24285

Summary

The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the order_id POST parameter before using it in a SQL statement, leading to a SQL Injection issue.

Affected Software

VendorProductVersion RangeStatus
UnknownCar Seller - Auto Classifieds Script2.1.0 <= 2.1.0affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References