CVE-2021-24390

admin

3년 ago

CVE-2021-24390

A proid GET parameter of the WordPressÃ¦â€�Â¯Ã¤Â»ËœÃ¥Â®?Alipay|Ã¨Â´Â¢Ã¤Â»ËœÃ©â‚¬Å¡Tenpay|Ã¨Â´?Ã¥Â®?PayPalÃ©â€ºâ€ Ã¦Ë†?Ã¦?â€™Ã¤Â»Â¶ WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection.

Source: CVE-2021-24390