CVE-2021-24132: SQL Injection
First published: Thu Mar 18 2021(Updated: )
The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), or medium one such as Contributor+ (if "Role Options" is turn on for other users) to perform a SQL Injection attacks.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 10web Slider | <1.2.36 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-24132.
What is the affected software?
The affected software is the Slider by 10Web WordPress plugin versions before 1.2.36.
What is the severity level of this vulnerability?
This vulnerability has a severity level of high.
How can an attacker exploit this vulnerability?
An attacker with high or medium privilege levels can exploit this vulnerability to perform an SQL injection attack.
Is there a fix available for this vulnerability?
Yes, updating the Slider by 10Web WordPress plugin to version 1.2.36 or newer will fix this vulnerability.
- collector/nvd-index
- vendor/10web
- canonical/10web slider