Lucene search
China National Vulnerability DatabaseCNVD-2023-05038HistoryMar 09, 2022 - 12:00 a.m.
WordPress Conversios.io plugin SQL injection vulnerability
2022-03-0900:00:00
China National Vulnerability Database
www.cnvd.org.cn
14
0.001 Low
EPSS
Percentile
37.7%
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is an application plugin for WordPress. SQL injection vulnerability exists in versions of WordPress Conversios.io plugin prior to 4.6.2, which stems from the use of tvcajax in SQL statements _product_sync_bantch_wise AJAX before failing to clean, validate and escape the sync_progressive_data parameter, any authenticated attacker can exploit this vulnerability to perform SQL injection attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress conversios.io plugin | lt | 4.6.2 |
Related
cvelist
cvelist
CVE-2021-24952 Conversios.io < 4.6.2 - Subscriber+ SQL Injection
2022-03-07 08:16:08
cve
cve
CVE-2021-24952
2022-03-07 09:15:08
wpvulndb
wpvulndb
Conversios.io < 4.6.2 - Subscriber+ SQL Injection
2022-02-01 00:00:00
patchstack
patchstack
WordPress Conversios.io plugin <= 4.6.1 - SQL Injection (SQLi) vulnerability
2022-02-01 00:00:00
wpexploit
wpexploit
Conversios.io < 4.6.2 - Subscriber+ SQL Injection
2022-02-01 00:00:00
prion
prion
Sql injection
2022-03-07 09:15:00
nvd
nvd
CVE-2021-24952
2022-03-07 09:15:08