CVE-2021-24360

Summary

The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users (contributor+) to perform Blind SQL Injection attacks

Affected Software

VendorProductVersion RangeStatus
UnknownYes/No Chart1.0.12 < 1.0.12affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References