CVE-2021-25054

Summary

The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.

Affected Software

VendorProductVersion RangeStatus
UnknownWPcalc – create any online calculators2.1 <= 2.1affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References