CVE-2021-24741

Summary

The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users.

Affected Software

VendorProductVersion RangeStatus
UnknownSupport Board3.3.4 < 3.3.4affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References