6 matches found
CVE-2021-24399
The checkorder function of The Sorter WordPress plugin through 1.0 uses an areaid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
CVE-2021-24399
The checkorder function of The Sorter WordPress plugin through 1.0 uses an areaid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
CVE-2021-24399
The checkorder function of The Sorter WordPress plugin through 1.0 uses an areaid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
WordPress SQL Injection Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. A SQL injection vulnerability exists in The Sorter WordPress plugin 1.0 and earlier versions, which stems fro...
The Sorter <= 1.0 - Authenticated SQL Injection
The checkorder function of the plugin uses an areaid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. PoC: GET /wp-admin/admin.php?page=thesorterareasid=1%20AND%20SELECT%207667%20FROM%20SELECTSLEEP5DWBj HTTP/1.1 Cache-Control:...
WordPress The Sorter plugin <= 1.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Syed Sheeraz Ali in WordPress The Sorter plugin versions <= 1.0. Solution: This plugin has been closed as of May 13, 2021 and is not available for download. Reason: Security Issue...