7 matches found
CVE-2021-24507
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX actions, available to both unauthenticated and authenticated users, before using them in SQL statements, leading to an...
WordPress Astra Pro Addon Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Astra Pro Addon Plugin versions prior to 3.5.2, which stems...
CVE-2021-24507
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX actions, available to both unauthenticated and authenticated users, before using them in SQL statements, leading to an...
CVE-2021-24507 Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX actions, available to both unauthenticated and authenticated users, before using them in SQL statements, leading to an...
CVE-2021-24507
The CVE-2021-24507 case concerns the Astra Pro Addon WordPress plugin prior to 3.5.2, where POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX actions were not properly sanitised/escaped before being used in SQL statements. This (server-side) vulnerability ...
Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection
The plugin did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX actions, available to both unauthenticated and authenticated users, before using them in SQL statements, leading to SQL Injection issues. PoC Via...
Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection
The plugin did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX actions, available to both unauthenticated and authenticated users, before using them in SQL statements, leading to SQL Injection issues. Via...