CVE-2021-24492 – Handsome Testimonials & Reviews < 2.1.1 - Authenticated (Subscriber+) SQL Injection

https://notcve.org/view.php?id=CVE-2021-24492

29 Jun 2021 — The hndtst_action_instance_callback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hndtst_previewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL Injection issue. La llamada AJAX hndtst_action_instance_callback del plugin de WordPress Handsome Testimonials & Reviews versiones anteriores a 2.1.1, disponible para cualquier usuario autenticado, no sanea, c... • https://codevigilant.com/disclosure/2021/wp-plugin-handsome-testimonials • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •