CVE-2021-24866

Summary

The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it a SQL statement, leading to a SQL injection issue and could allow arbitrary table deletion

Affected Software

VendorProductVersion RangeStatus
UnknownWP Data Access5.0.0 < 5.0.0affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References