Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection - CVE-2021-24507
CVE-2021-24507 Astra Pro Addon < 352 - Unauthenticated SQL Injection - CVE-2021-24507
The Astra Pro Addon WordPress plugin prior to 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading to an SQL Injection issues
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
brainstormforce astra |