The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users takes the did GET parameter and uses it into an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-06-14T13:37:12

Updated: 2024-08-03T19:28:23.690Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24348

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-14T14:15:08.263

Modified: 2024-11-21T05:52:53.443

Link: CVE-2021-24348

cve-icon Redhat

No data.