CVE-2021-24877: MainWP Child < 4.1.8 - Admin+ SQL Injection
First published: Tue Nov 23 2021(Updated: )
The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MainWP Child Reports | <4.1.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the MainWP Child WordPress plugin?
The vulnerability ID for the MainWP Child WordPress plugin is CVE-2021-24877.
What is the severity of CVE-2021-24877?
The severity of CVE-2021-24877 is high.
How does CVE-2021-24877 affect the MainWP Child WordPress plugin?
CVE-2021-24877 allows high privilege users to exploit an SQL injection vulnerability when the Backup and Staging by WP Time Capsule plugin is installed.
What is the affected software for CVE-2021-24877?
The affected software for CVE-2021-24877 is the MainWP Child WordPress plugin before version 4.1.8.
Is there a reference link for more information about CVE-2021-24877?
Yes, you can find more information about CVE-2021-24877 at this reference link: https://wpscan.com/vulnerability/b09fe120-ab9b-44f2-b50d-3b4b299d6d15
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/title
- agent/severity
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mainwp
- canonical/mainwp child reports