3 matches found
CVE-2021-24397
The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...
CVE-2021-24397
The CVE-2021-24397 entry concerns the WordPress MicroCopy plugin (versions ≤ 1.1.0). The vulnerability is an authenticated SQL injection caused by an unsanitized id parameter in a GET request used to fetch related options, allowing injection into a SQL statement. Documented PoCs show the vulnerab...
CVE-2021-24397 MicroCopy <= 1.1.0 - Authenticated SQL Injection
The edit functionality in the MicroCopy WordPress plugin through 1.1.0 makes a get request to fetch the related option. The id parameter used is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...