QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24506

Published: Aug 23, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection.

Vendor	Product	Versions
Unknown	Slider Hero with Animation, Video Background & Intro Maker	affected `8.2.7 - < 8.2.7`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/52c8755c-46b9-4383-8c8d-8816f03456b0

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.