Security Advisory

CVE-2021-24403

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-20 10:06:10

Last updated 2024-08-03 19:28:23

Assigner WPScan

State PUBLISHED

Description

The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors

← Browse all CVEs View on cve.org ↗