3 matches found
CVE-2021-24848
The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection...
CVE-2021-24848
CVE-2021-24848 affects the Mediamatic WordPress plugin prior to 2.8.1. The mediamaticAjaxRenameCategory action accepts categoryID from authenticated users and uses it in a SQL statement without sanitisation, enabling SQL injection. Impact is partial confidentiality/integrity/availability (per CVS...
CVE-2021-24848 Mediamatic < 2.8.1 - Subscriber+ SQL Injection
The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection...