QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24747

Published: Dec 13, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The SEO Booster WordPress plugin before 3.8 allows for authenticated SQL injection via the "fn_my_ajaxified_dataloader_ajax" AJAX request as the $_REQUEST['order'][0]['dir'] parameter is not properly escaped leading to blind and error-based SQL injections.

Vendor	Product	Versions
Unknown	SEO Booster	affected `3.8 - < 3.8`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/40849d93-8949-4bd0-b60e-c0330b385fea

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset/2637115

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.