The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any visitor, including unauthenticated ones.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-06-07T10:49:50

Updated: 2024-08-03T19:28:23.425Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24340

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-07T11:15:16.677

Modified: 2024-11-21T05:52:52.593

Link: CVE-2021-24340

cve-icon Redhat

No data.