2 matches found
CVE-2021-24858
The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection...
CVE-2021-24858
The CVE-2021-24858 entry concerns the WordPress plugin “Cookie Notification Plugin for WordPress.” The vulnerability is an SQL injection caused by failure to sanitize/escape the id GET parameter when fetching the admin-edit setting, in versions before 1.0.9. Impact is authenticated SQL Injection ...