PT-2021-15932 · WordPress · The Sorter

Syed Sheeraz Ali

Published

2021-09-20

Updated

2021-09-28

CVE-2021-24399

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions The Sorter WordPress plugin versions 1.0 and earlier

Description The issue concerns the check order function, which uses an area id parameter that is not sanitized, escaped, or validated before being inserted into a SQL statement, leading to SQL injection.

Recommendations For The Sorter WordPress plugin versions 1.0 and earlier, consider disabling the check order function until a patch is available to prevent potential SQL injection attacks.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2021-24399

Affected Products

The Sorter

PT-2021-15932 · WordPress · The Sorter

CVE-2021-24399

Weakness Enumeration

Related Identifiers

Affected Products

References · 5