CVE-2021-24398
Published: Sep 20, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. This is a time-based SQLi, and the vulnerable parameter is passed twice in the same function, so if we pass a delay of 5 seconds the response takes 10 seconds to return because the query is run twice.
| Vendor | Product | Versions |
|---|---|---|
| Unknown | RESPONSIVE 3D SLIDER | affected 1.2 - <= 1.2 |