CVE-2021-24460: Popup Like box - Page Plugin < 3.5.3 - Authenticated Blind SQL Injections
First published: Mon Aug 02 2021(Updated: )
The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ays-pro Popup Box | <3.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-24460.
What is the severity rating for CVE-2021-24460?
CVE-2021-24460 has a severity rating of high (8.8).
Which software is affected by CVE-2021-24460?
The Ays-pro Popup Box WordPress plugin version up to 3.5.3 is affected by CVE-2021-24460.
What is the impact of CVE-2021-24460?
CVE-2021-24460 allows for SQL injection issues in the admin dashboard.
How can I fix the vulnerability CVE-2021-24460?
To fix CVE-2021-24460, update the Popup Like box – Page Plugin WordPress plugin to version 3.5.3 or higher.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/title
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/ays-pro
- canonical/ays-pro popup box