CVE-2021-24461
N/A
N/A
Summary
The get_faqs() function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ays Pro | FAQ Builder AYS | 1.3.6 < 1.3.6 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.