CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24361 – GeoDirectory Location Manager < 2.1.0.10 - Multiple Unauthenticated SQL Injections
https://notcve.org/view.php?id=CVE-2021-24361
In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues. En el plugin Location Manager de WordPress versiones anteriores a 2.1.0.10, la acción AJAX gd_popular_location_list no saneaba o comprobaba apropiadamente algunos de sus parámetros POST, que luego se utilizaban en una sentencia SQL, conllevando a problemas de inyección SQL no autenticada • https://wpgeodirectory.com/downloads/location-manager https://wpscan.com/vulnerability/5aff50fc-ac96-4076-a07c-bb145ae37025 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •