CVE-2021-24877

Summary

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed

Affected Software

VendorProductVersion RangeStatus
UnknownMainWP Child - Securely connects sites to the MainWP WordPress Manager Dashboard4.1.8 < 4.1.8affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References