Security Advisory

CVE-2021-24741

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-20 10:06:51

Last updated 2024-08-03 19:42:16

Assigner WPScan

State PUBLISHED

Description

The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users.

← Browse all CVEs View on cve.org ↗