PT-2022-9620 · WordPress · Wow Countdowns
0Xdecafbad
·
Published
2022-03-28
·
Updated
2022-04-04
·
CVE-2021-25064
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Wow Countdowns WordPress plugin versions prior to 3.1.3
Description
The issue arises from the lack of sanitization of user input into the
did parameter, which is then used in a SQL statement. This leads to an authenticated SQL Injection.Recommendations
For Wow Countdowns WordPress plugin versions prior to 3.1.3, update to version 3.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the
did parameter in the affected SQL statement until a patch is available.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wow Countdowns