Lucene search
WPScanCVELIST:CVE-2021-24849HistoryDec 21, 2021 - 8:45 a.m.
CVE-2021-24849 WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection
2021-12-2108:45:32
CWE-89
WPScan
www.cve.org
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections
CNA Affected
[
{
"product": "WCFM Marketplace – Best Multivendor Marketplace for WooCommerce",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.4.12",
"status": "affected",
"version": "3.4.12",
"versionType": "custom"
}
]
}
]Related
prion
prion
Sql injection
2021-12-21 09:15:00
patchstack
patchstack
nvd
nvd
CVE-2021-24849
2021-12-21 09:15:07
wpvulndb
wpvulndb
cnvd
cnvd
WordPress WooCommerce Multivendor Marketplace SQL Injection Vulnerability
2021-12-26 00:00:00
nuclei
nuclei
WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection
2024-02-13 04:02:40
wpexploit
wpexploit
cve
cve
CVE-2021-24849
2021-12-21 09:15:07