The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2021-09-20T10:06:51
Updated: 2024-08-03T19:42:16.654Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24741
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-09-20T10:15:09.857
Modified: 2024-11-21T05:53:40.307
Link: CVE-2021-24741
Redhat
No data.