3 matches found
CVE-2021-24865
The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue...
CVE-2021-24865 Advanced Custom Fields: Extended < 0.8.8.7 - Admin+ SQL Injection
The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue...
CVE-2021-24865
CVE-2021-24865 affects the WordPress plugin Advanced Custom Fields: Extended (pre-0.8.8.7). The vulnerability arises because the plugin does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL injection. The issue is confirmed across multiple sourc...