CVE-2021-24952
N/A
N/A
Summary
The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Conversios.io – Google Analytics and Google Shopping plugin for WooCommerce | 4.6.2 < 4.6.2 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.