CVE-2021-24361

Summary

In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues.

Affected Software

VendorProductVersion RangeStatus
AyeCode LtdLocation Manager2.1.0.10 < 2.1.0.10affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References