QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24952

Published: Mar 7, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks.

Vendor	Product	Versions
Unknown	Conversios.io – Google Analytics and Google Shopping plugin for WooCommerce	affected `4.6.2 - < 4.6.2`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/cbb8fa9f-1c84-4410-ae86-64cb1771ce78

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.