CVE-2021-24835
Published: Nov 8, 2021
Modified: Aug 3, 2024
Description
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor plugin such as WCFM - WooCommerce Multivendor Marketplace, does not escape the withdrawal_vendor parameter before using it in a SQL statement, allowing low privilege users such as Subscribers to perform SQL injection attacks
| Vendor | Product | Versions |
|---|---|---|
Unknown | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible | affected 6.5.12 - < 6.5.12 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now