CVE-2021-24285

Name of the Vulnerable Software and Affected Versions Car Seller - Auto Classifieds Script WordPress plugin versions 2.1.0 and earlier

Description The issue arises from the request list request AJAX call in the Car Seller - Auto Classifieds Script WordPress plugin, which is accessible to both authenticated and unauthenticated users. This call does not properly sanitise, validate, or escape the order id POST parameter before using it in a SQL statement, leading to a SQL Injection issue.

Recommendations For Car Seller - Auto Classifieds Script WordPress plugin versions 2.1.0 and earlier, update to a version that addresses the SQL Injection issue in the request list request AJAX call. As a temporary workaround, consider restricting access to the request list request AJAX call to prevent potential exploitation.