CVE-2021-24521: Side Menu Lite < 2.2.1 - Authenticated SQL Injection
First published: Mon Aug 09 2021(Updated: )
The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wow-estore Side Menu | <2.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-24521?
CVE-2021-24521 has been rated as a high-severity vulnerability due to its potential for SQL injection attacks.
How do I fix CVE-2021-24521?
To fix CVE-2021-24521, update the Side Menu Lite WordPress plugin to version 2.2.1 or later.
Who is affected by CVE-2021-24521?
CVE-2021-24521 affects users with administrator roles or those who have permission to manage the Side Menu Lite plugin.
What kind of attack can CVE-2021-24521 facilitate?
CVE-2021-24521 can facilitate SQL Injection attacks due to insufficient input sanitization.
What products are vulnerable to CVE-2021-24521?
The vulnerable products include the Side Menu Lite WordPress plugin versions before 2.2.1.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/wow-estore
- canonical/wow-estore side menu