CVE-2021-24769: Permalink Manager Lite < 2.2.13.1 - Admin+ SQL Injection
First published: Mon Oct 25 2021(Updated: )
The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Permalink Manager Lite | <2.2.13.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2021-24769.
What is the title of this vulnerability?
The title of this vulnerability is 'The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby...'
What is the affected software for this vulnerability?
The affected software is the Permalink Manager Lite WordPress plugin version up to 2.2.13.1.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is high (7.2).
How does this vulnerability work?
This vulnerability allows for SQL Injection by not validating and escaping the orderby parameter before using it in a SQL statement on the Permalink Manager page.
- agent/type
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/permalink manager lite project
- canonical/permalink manager lite