CVE-2021-24748

Summary

The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues

Affected Software

VendorProductVersion RangeStatus
UnknownEmail Before Download6.8 < 6.8affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References