CVE-2021-24398

Name of the Vulnerable Software and Affected Versions Responsive 3D Slider WordPress plugin versions 1.2 and earlier

Description The Add new scene functionality in the Responsive 3D Slider WordPress plugin uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time-based SQL injection and in the same function, the vulnerable parameter is passed twice, so if a time of 5 seconds is passed, it takes 10 seconds to return since the query is ran twice.

Recommendations For Responsive 3D Slider WordPress plugin versions 1.2 and earlier, consider disabling the Add new scene functionality until a patch is available to prevent SQL injection attacks. Restrict access to the id parameter in the affected function to minimize the risk of exploitation. Avoid using the id parameter in the affected SQL statement until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.