3 matches found
WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection
The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections. id: CVE-2021-24849 info: name: WCFM...
CVE-2021-24849 WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection
The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections...
CVE-2021-24849
The CVE-2021-24849 entry concerns the WCFM Marketplace WordPress plugin (versions prior to 3.4.12). The wcfm_ajax_controller AJAX action, accessible to both unauthenticated and authenticated users, fails to properly sanitise multiple parameters before including them in SQL queries, enabling SQL i...