CVE-2021-24463

Name of the Vulnerable Software and Affected Versions Image Slider by Ays- Responsive Slider and Carousel WordPress plugin versions prior to 2.5.0

Description The issue concerns the get sliders() function, which did not properly validate the orderby parameter before using it in SQL statements. This oversight led to SQL injection issues in the admin dashboard.

Recommendations For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin dashboard to minimize the risk of exploitation.