The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-11-08T17:35:16

Updated: 2024-08-03T19:42:16.658Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24731

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-11-08T18:15:09.557

Modified: 2023-11-07T03:31:19.733

Link: CVE-2021-24731

cve-icon Redhat

No data.