QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24492

Published: Aug 2, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The hndtst_action_instance_callback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hndtst_previewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL Injection issue.

Vendor	Product	Versions
Unknown	Handsome Testimonials & Reviews	affected `2.1.1 - < 2.1.1`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/42760007-0e59-4d45-8d64-86bc0b8dacea

x_refsource_MISC

https://codevigilant.com/disclosure/2021/wp-plugin-handsome-testimonials/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.