Lucene search
WPScanCVELIST:CVE-2021-24849HistoryDec 21, 2021 - 8:45 a.m.
CVE-2021-24849 WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection
2021-12-2108:45:32
CWE-89
WPScan
www.cve.org
5
woocommerce
multivendor
marketplace
sql injection
cve-2021-24849
unauthenticated
wcfm
wordpress
plugin
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections
CNA Affected
[
{
"product": "WCFM Marketplace – Best Multivendor Marketplace for WooCommerce",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.4.12",
"status": "affected",
"version": "3.4.12",
"versionType": "custom"
}
]
}
]Related
cnvd
cnvd
WordPress WooCommerce Multivendor Marketplace SQL Injection Vulnerability
2021-12-26 00:00:00
wpvulndb
wpvulndb
patchstack
patchstack
prion
prion
Sql injection
2021-12-21 09:15:00
nvd
nvd
CVE-2021-24849
2021-12-21 09:15:07
nuclei
nuclei
WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection
2024-02-13 04:02:40
wpexploit
wpexploit
cve
cve
CVE-2021-24849
2021-12-21 09:15:07