CVE-2021-24361 – GeoDirectory Location Manager < 2.1.0.10 - Multiple Unauthenticated SQL Injections

https://notcve.org/view.php?id=CVE-2021-24361

04 Jun 2021 — In the Location Manager WordPress plugin before 2.1.0.10, the AJAX action gd_popular_location_list did not properly sanitise or validate some of its POST parameters, which are then used in a SQL statement, leading to unauthenticated SQL Injection issues. En el plugin Location Manager de WordPress versiones anteriores a 2.1.0.10, la acción AJAX gd_popular_location_list no saneaba o comprobaba apropiadamente algunos de sus parámetros POST, que luego se utilizaban en una sentencia SQL, conllevando a problemas ... • https://wpgeodirectory.com/downloads/location-manager • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •