Security Advisory

CVE-2021-24507

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-08-09 10:04:12
Last updated 2024-08-03 19:35:20
Assigner WPScan
State PUBLISHED

Description

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading to an SQL Injection issues