CVE-2021-25023

🗓️ 03 Jan 2022 12:49:15Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 41 Views🌐 WEB

The Speed Booster Pack WordPress plugin before 4.3.3.1 SQL injectio

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2021-25023	3 Jan 202216:44	–	circl
CNNVD	WordPress plugin Speed Booster Pack âš¡ PageSpeed Optimization Suite SQL注入漏洞	3 Jan 202200:00	–	cnnvd
CNVD	WordPress SQL Injection Vulnerability (CNVD-2022-03213)	7 Jan 202200:00	–	cnvd
Cvelist	CVE-2021-25023 Speed Booster Pack < 4.3.3.1 - Admin+ SQL Injection	3 Jan 202212:49	–	cvelist
EUVD	EUVD-2021-11935	7 Oct 202500:30	–	euvd
NVD	CVE-2021-25023	3 Jan 202213:15	–	nvd
Patchstack	WordPress Speed Booster Pack plugin <= 4.3.3 - SQL Injection (SQLi) vulnerability	16 Oct 202100:00	–	patchstack
Prion	Sql injection	3 Jan 202213:15	–	prion
RedhatCVE	CVE-2021-25023	22 May 202519:24	–	redhatcve
wpexploit	Speed Booster Pack < 4.3.3.1 - Admin+ SQL Injection	16 Oct 202100:00	–	wpexploit

NVD

Vulners

Node

optimocha speed_booster_packRange<4.3.3.1wordpress

[
  {
    "product": "Speed Booster Pack ⚡ PageSpeed Optimization Suite",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "4.3.3.1",
        "status": "affected",
        "version": "4.3.3.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/4a27d374-f690-4a8a-987a-9e0f56bbe143

Parameter	Position	Path	Description	CWE
sbp_convert_table_name	query param	/wp-admin/admin-ajax.php?action=sbp_database_action&sbp_action=convert_tables&sbp_convert_table_name=SQLi&nonce=b2d6208254	The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbp_convert_table_name parameter before using it in a SQL statement, leading to an SQL injection	CWE-89

21 Nov 2024 05:54Current

7.2High risk

Vulners AI Score7.2

CVSS 26.5

CVSS 3.17.2

EPSS0.00528

CWE-89