Lucene search
China National Vulnerability DatabaseCNVD-2021-102399HistoryDec 01, 2021 - 12:00 a.m.
WordPress Plugin SQL Injection Vulnerability (CNVD-2021-102399)
2021-12-0100:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
0.001 Low
EPSS
Percentile
37.9%
WordPress is the Wordpress Foundation’s set of blogging platform developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Ninja Forms Contact Form plugin version 3.6.4 prior to the SQL injection vulnerability, the vulnerability stems from the plugin does not escapefields POST parameter, the attacker can use the vulnerability to carry out SQL injection attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress wordpress ninja forms contact form | lt | 3.6.4 |
Related
prion
prion
Sql injection
2021-11-29 09:15:00
nvd
nvd
CVE-2021-24889
2021-11-29 09:15:07
cve
cve
CVE-2021-24889
2021-11-29 09:15:07
wpvulndb
wpvulndb
Ninja Forms < 3.6.4 - Admin+ SQL Injection
2021-10-26 00:00:00
openvas
openvas
WordPress Ninja Forms Plugin < 3.6.4 SQLi Vulnerability
2021-12-06 00:00:00
wpexploit
wpexploit
Ninja Forms < 3.6.4 - Admin+ SQL Injection
2021-10-26 00:00:00
patchstack
patchstack
cvelist
cvelist
CVE-2021-24889 Ninja Forms < 3.6.4 - Admin+ SQL Injection
2021-11-29 08:25:45