3 matches found
CVE-2021-24461
The getfaqs function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...
CVE-2021-24461
The CVE-2021-24461 entry affects the WordPress plugin FAQ Builder AYS prior to version 1.3.6. The vulnerability stems from the get_faqs() function not whitelisting or validating the orderby parameter before using it in SQL statements passed to get_results(), enabling SQL injection in the admin da...
CVE-2021-24461 FAQ Builder < 1.3.6 - Authenticated Blind SQL Injections
The getfaqs function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...