2 matches found
CVE-2021-24360
The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users contributor+ to perform Blind SQL Injection attacks...
WordPress Yes/No Chart plugin <= 1.0.11 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection SQLi vulnerability discovered by Apple502j in WordPress Yes/No Chart plugin versions = 1.0.11. Solution Update the WordPress Yes/No Chart plugin to the latest available version at least 1.0.12...