Unvaludated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege users to perform SQL injections.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/19800898-d7b6-4edd-887b-dac3c0597f14 | Third Party Advisory |
https://wpscan.com/vulnerability/19800898-d7b6-4edd-887b-dac3c0597f14 | Third Party Advisory |
Configurations
History
21 Nov 2024, 05:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/19800898-d7b6-4edd-887b-dac3c0597f14 - Third Party Advisory |
18 May 2023, 15:41
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:webfactoryltd:301_redirects:*:*:*:*:*:wordpress:*:* |
Information
Published : 2021-03-18 15:15
Updated : 2024-11-21 05:52
NVD link : CVE-2021-24142
Mitre link : CVE-2021-24142
CVE.ORG link : CVE-2021-24142
JSON object : View
Products Affected
webfactoryltd
- 301_redirects
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')