CVE-2021-24849
N/A
N/A
Summary
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | WCFM Marketplace – Best Multivendor Marketplace for WooCommerce | 3.4.12 < 3.4.12 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.