2 matches found
CVE-2021-24629 Post Content XMLRPC <= 1.0 - Admin+ SQL Injections
The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQL Injections...
CVE-2021-24629
CVE-2021-24629 affects the WordPress Post Content XMLRPC plugin (versions ≤ 1.0). The vulnerability is an authenticated SQL injection caused by unsanitised/unescaped GET/POST parameters used directly in SQL statements within the admin dashboard. Impact, as described, is authenticated access to ma...