CVE-2021-24390

Summary

A proid GET parameter of the WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection.

Affected Software

VendorProductVersion RangeStatus
UnknownWordPress支付宝Alipay财付通Tenpay贝宝PayPal集成插件

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References