QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24390

Published: Sep 6, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

A proid GET parameter of the WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection.

Vendor	Product	Versions
Unknown	WordPress支付宝Alipay\|财付通Tenpay\|贝宝PayPal集成插件	affected `3.7.2 - <= 3.7.2`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/92b0abec-082f-4545-9636-1b2f4dac66fe

x_refsource_MISC

https://codevigilant.com/disclosure/2021/wp-plugin-alipay/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.