3 matches found
CVE-2021-24952
The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the syncprogressivedata parameter for the tvcajaxproductsyncbantchwise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks...
CVE-2021-24952
The CVE-2021-24952 entry affects the Conversios.io WordPress plugin prior to 4.6.2. The vulnerability is an SQL injection in the tvcajax_product_sync_bantch_wise AJAX action caused by insufficient sanitisation/validation/escaping of the sync_progressive_data parameter before it is used in an SQL ...
CVE-2021-24952 Conversios.io < 4.6.2 - Subscriber+ SQL Injection
The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the syncprogressivedata parameter for the tvcajaxproductsyncbantchwise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks...