3 matches found
CVE-2021-24360
The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users contributor+ to perform Blind SQL Injection attacks...
CVE-2021-24360
Yes/No Chart WordPress plugin (before 1.0.12) is vulnerable due to unsanitized sid shortcode parameter used in SQL statements, enabling blind SQL injection by medium-privilege users (contributor+). Root cause: input not sanitized before query construction. Impact: potential data exposure through ...
CVE-2021-24360 Yes/No Chart < 1.0.12 - Authenticated (contributor+) Blind SQL Injection
The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users contributor+ to perform Blind SQL Injection attacks...