CVE-2021-24877
N/A
N/A
Summary
The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | MainWP Child - Securely connects sites to the MainWP WordPress Manager Dashboard | 4.1.8 < 4.1.8 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.