CVE-2021-24506
N/A
N/A
Summary
The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Slider Hero with Animation, Video Background & Intro Maker | 8.2.7 < 8.2.7 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.