1 results (0.002 seconds)
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24451 – Export Users With Meta < 0.6.5 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-24451
The Export Users With Meta WordPress plugin before 0.6.5 did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an authenticated SQL Injection. El plugin Export Users With Meta WordPress versiones anteriores a 0.6.5, no escapa de la lista de roles a exportar antes de usarlos en una sentencia SQL en la funcionalidad export, disponible para los administradores, conllevando a una inyección SQL autenticada • https://wpscan.com/vulnerability/40603382-404b-44a2-8212-f2008366891c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •