Lucene search
China National Vulnerability DatabaseCNVD-2022-66591HistoryMar 02, 2022 - 12:00 a.m.
WordPress Orange Form Plugin SQL Injection Vulnerability
2022-03-0200:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
0.001 Low
EPSS
Percentile
43.5%
WordPress is the WordPress Foundation’s suite of blogging platforms developed using the PHP language. A SQL injection vulnerability exists in the Wordpress Orange Form Plugin 1.0 and earlier versions, which originates in the product admin/orange-form-email.php file in the process_bulk_action function does not validate special characters in user input data. An attacker could exploit this vulnerability to execute malicious SQL.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress orange form plugin | le | 1.0 |
Related
wpvulndb
wpvulndb
Orange Form <= 1.0 - SQL Injection via CSRF
2021-12-29 00:00:00
wpexploit
wpexploit
Orange Form <= 1.0 - SQL Injection via CSRF
2021-12-29 00:00:00
patchstack
patchstack
prion
prion
Cross site request forgery (csrf)
2022-02-28 09:15:00
nvd
nvd
CVE-2021-24704
2022-02-28 09:15:07
cve
cve
CVE-2021-24704
2022-02-28 09:15:07
cvelist
cvelist
CVE-2021-24704 Orange Form <= 1.0 - SQL Injection via CSRF
2022-02-28 09:06:06