CVE-2021-24361
N/A
N/A
Summary
In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AyeCode Ltd | Location Manager | 2.1.0.10 < 2.1.0.10 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/5aff50fc-ac96-4076-a07c-bb145ae37025
- https://wpgeodirectory.com/downloads/location-manager/
References
- https://wpscan.com/vulnerability/5aff50fc-ac96-4076-a07c-bb145ae37025
- https://wpgeodirectory.com/downloads/location-manager/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.