Lucene search
K

CVE-2021-24952

🗓️ 07 Mar 2022 08:16:08Reported by WPScanType 
cve
 cve
🔗 web.nvd.nist.gov👁 93 Views🌐 WEB

The Conversios.io WordPress plugin before 4.6.2 allows SQL injection

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
CNNVD
WordPress plugin Conversios.io SQL注入漏洞
7 Mar 202200:00
cnnvd
CNVD
WordPress Conversios.io plugin SQL injection vulnerability
9 Mar 202200:00
cnvd
Cvelist
CVE-2021-24952 Conversios.io < 4.6.2 - Subscriber+ SQL Injection
7 Mar 202208:16
cvelist
EUVD
EUVD-2021-11864
7 Oct 202500:30
euvd
NVD
CVE-2021-24952
7 Mar 202209:15
nvd
OSV
CVE-2021-24952
7 Mar 202209:15
osv
Patchstack
WordPress Conversios.io plugin <= 4.6.1 - SQL Injection (SQLi) vulnerability
1 Feb 202200:00
patchstack
Prion
Sql injection
7 Mar 202209:15
prion
RedhatCVE
CVE-2021-24952
22 May 202518:25
redhatcve
wpexploit
Conversios.io < 4.6.2 - Subscriber+ SQL Injection
1 Feb 202200:00
wpexploit
Rows per page
NVD
Vulners
Node
conversiosconversiosRange<4.6.2wordpress
[
  {
    "product": "Conversios.io – Google Analytics and Google Shopping plugin for WooCommerce",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "4.6.2",
        "status": "affected",
        "version": "4.6.2",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
sync_progressive_data[last_sync_product_id]request body/wp-admin/admin-ajax.phpThe plugin does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, enabling SQL injection.CWE-89
sync_progressive_data[sync_step]request body/wp-admin/admin-ajax.phpThe plugin does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, enabling SQL injection.CWE-89
actionrequest body/wp-admin/admin-ajax.phpThe plugin does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, enabling SQL injection.CWE-89

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 03:41Current
8.9High risk
Vulners AI Score8.9
CVSS 26.5
CVSS 3.18.8
EPSS0.01297
93