CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24459 – Survey Maker < 1.5.6 - Authenticated Blind SQL Injections
https://notcve.org/view.php?id=CVE-2021-24459
The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard Las funciones get_results() y get_items() del plugin de WordPress Survey Maker versiones anteriores a 1.5.6, no usaban la lista blanca ni comprobaban el parámetro orderby antes de usarlo en las sentencias SQL que se pasaban a las llamadas a la base de datos get_results(), conllevando a problemas de inyección SQL en el panel de administración The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard. • https://wpscan.com/vulnerability/3fafbec0-55e4-41cf-8402-1b57b6615225 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24484 – Secure Copy Content Protection and Content Locking < 2.6.7 - Authenticated Blind SQL Injections
https://notcve.org/view.php?id=CVE-2021-24484
The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard La función get_reports() del plugin de WordPress Secure Copy Content Protection and Content Locking versiones anteriores a 2.6.7, no usaba la lista blanca o comprobaba el parámetro orderby antes de usarlo en las sentencias SQL pasadas a las llamadas a la base de datos get_results(), conllevando a problemas de inyección SQL en el panel de administración • https://wpscan.com/vulnerability/9ce0153d-4a8b-4215-b6b6-15ca68c4f52c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24462 – Photo Gallery by Ays - Responsive Image Gallery < 4.4.4 - Authenticated Blind SQL Injections
https://notcve.org/view.php?id=CVE-2021-24462
The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard Las funciones get_gallery_categories() y get_galleries() del plugin de WordPress Photo Gallery by Ays - Responsive Image Gallery versiones anteriores a 4.4.4, no usaban la lista blanca ni comprobaban el parámetro orderby antes de usarlo en las sentencias SQL pasadas a las llamadas a la base de datos get_results(), conllevando a problemas de inyección SQL en el panel de control del administrador • https://wpscan.com/vulnerability/e24dac6d-de48-42c1-bdde-4a45fb331376 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24460 – Popup Like box - Page Plugin < 3.5.3 - Authenticated Blind SQL Injections
https://notcve.org/view.php?id=CVE-2021-24460
The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard La función get_fb_likeboxes() del plugin de WordPress Popup Like box versiones anteriores a 3.5.3, no usaba la lista blanca ni comprobaba el parámetro orderby antes de usarlo en las sentencias SQL pasadas a las llamadas a la base de datos get_results(), conllevando a problemas de inyección SQL en el panel de control del administrador • https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24483 – Poll Maker < 3.2.1 - Authenticated Blind SQL Injections
https://notcve.org/view.php?id=CVE-2021-24483
The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard Las funciones get_poll_categories(), get_polls() y get_reports() del plugin de WordPress Poll Maker versiones anteriores a 3.2.1, no usaban la lista blanca o comprobaban el parámetro orderby antes de usarlo en las sentencias SQL pasadas a las llamadas a la base de datos get_results(), conllevando a problemas de inyección SQL en el panel de control del administrador • https://wpscan.com/vulnerability/0dc931c6-1fce-4d70-a658-a4bbab10dab3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •