Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2021-102399
HistoryDec 01, 2021 - 12:00 a.m.

WordPress Plugin SQL Injection Vulnerability (CNVD-2021-102399)

2021-12-0100:00:00
China National Vulnerability Database
www.cnvd.org.cn
8

0.001 Low

EPSS

Percentile

37.8%

WordPress is the Wordpress Foundation’s set of blogging platform developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Ninja Forms Contact Form plugin version 3.6.4 prior to the SQL injection vulnerability, the vulnerability stems from the plugin does not escapefields POST parameter, the attacker can use the vulnerability to carry out SQL injection attacks.

0.001 Low

EPSS

Percentile

37.8%