CVE-2021-25064

Summary

The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection.

Affected Software

VendorProductVersion RangeStatus
UnknownWow Countdowns – easily create any countdowns, counters and timers3.1.2 <= 3.1.2affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References