CVE-2021-24348: Side Menu < 3.1.5 - Authenticated (admin+) SQL Injection
First published: Mon Jun 14 2021(Updated: )
The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users takes the did GET parameter and uses it into an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wow-estore Side Menu | <3.1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-24348?
CVE-2021-24348 has a severity rating of Medium due to its potential for SQL injection vulnerabilities.
How do I fix CVE-2021-24348?
To fix CVE-2021-24348, update the Side Menu plugin to version 3.1.5 or later.
Who is affected by CVE-2021-24348?
Administrators using the Side Menu plugin version prior to 3.1.5 in WordPress are affected by CVE-2021-24348.
What type of vulnerability is CVE-2021-24348?
CVE-2021-24348 is categorized as an SQL injection vulnerability.
What are the risks associated with CVE-2021-24348?
The risks associated with CVE-2021-24348 include unauthorized database access and potential data manipulation.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/title
- agent/event
- agent/description
- agent/first-publish-date
- agent/tags
- agent/source
- vendor/wow-estore
- canonical/wow-estore side menu