The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2021-11-08T17:35:16
Updated: 2024-08-03T19:42:16.658Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24731
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-11-08T18:15:09.557
Modified: 2023-11-07T03:31:19.733
Link: CVE-2021-24731
Redhat
No data.