Lucene search
+L

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:3 p.m.11 views

CVE-2021-24285

The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection...

9.8CVSS7.7AI score0.14697EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-24285

The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL...

9.8CVSS7.4AI score0.14697EPSS
Exploits2References1
CNVD
CNVD
added 2021/05/20 12:0 a.m.6 views

WordPress plugin SQL injection vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . Car Seller - Auto Classifieds Script WordPress plugin...

9.8CVSS7.4AI score0.14697EPSS
Exploits2References1
OSV
OSV
added 2021/05/14 12:15 p.m.3 views

CVE-2021-24285

The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection...

9.8CVSS7.4AI score0.14697EPSS
Exploits2References2
Prion
Prion
added 2021/05/14 12:15 p.m.19 views

Sql injection

The requestlistrequest AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection...

7.5CVSS9.7AI score0.14697EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2021/05/14 11:38 a.m.86 views

CVE-2021-24285

CVE-2021-24285 concerns the WordPress plugin Car Seller - Auto Classifieds Script (versions ≤ 2.1.0). The vulnerability is a SQL injection in the request_list_request AJAX handler: the order_id parameter is not sanitised/validated/escaped before being interpolated into a SQL statement, and the en...

9.8CVSS9.8AI score0.14697EPSS
In wildExploits2References2Affected Software1
CNNVD
CNNVD
added 2021/05/14 12:0 a.m.7 views

WordPress 插件 SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . Car Seller - Auto Classifieds Script WordPress plugin...

9.8CVSS6AI score0.14697EPSS
Exploits2References3
wpexploit
wpexploit
added 2021/04/26 12:0 a.m.150 views

Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection

The requestlistrequest AJAX call of the plugin, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the orderid POST parameter before using it in a SQL statement, leading to a SQL Injection issue. curl 'https://example.com/wp-admin/admin-ajax.php' ...

9.8CVSS1.4AI score0.14697EPSS
Exploits2References1
Patchstack
Patchstack
added 2021/04/26 12:0 a.m.33 views

WordPress Car Seller – Auto Classifieds Script plugin <= 2.1.0 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability discovered by Shreya Pohekar in WordPress Car Seller – Auto Classifieds Script plugin versions = 2.1.0. Solution This plugin has been closed as of April 19, 2021 and is not available for download. This closure is permanent...

9.8CVSS2.2AI score0.14697EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder