2 matches found
CVE-2021-24430
The CVE-2021-24430 entry concerns WordPress Speed Booster Pack plugin prior to 4.2.0. The root cause is improper validation of caching_exclude_urls and caching_include_query_strings when outputting them in a PHP file, enabling remote code execution (RCE) under authentication. Affected component: ...
CVE-2021-25023
The CVE-2021-25023 entry documents an SQL injection in the WordPress plugin Speed Booster Pack (Admin+ SQL Injection) prior to 4.3.3.1. The root cause is failure to escape the sbp_convert_table_name parameter before using it in a SQL statement used to convert a related table. Impact stated includ...