Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2021-24340 #40

Closed
0xhunster opened this issue Jul 20, 2022 · 1 comment
Closed

CVE-2021-24340 #40

0xhunster opened this issue Jul 20, 2022 · 1 comment
Assignees
@trickest-workflows
Labels
On-Demand Trigger a Trickest Workflow for specific CVE

Comments

@0xhunster
Copy link

No description provided.

@nenadzaric nenadzaric added the On-Demand Trigger a Trickest Workflow for specific CVE label Jul 20, 2022
@trickest-workflows
Copy link
Collaborator

CVE-2021-24340


Description

The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any visitor, including unauthenticated ones.

POC

Reference

No PoCs from references.

Github

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@trickest-workflows trickest-workflows

Labels
On-Demand Trigger a Trickest Workflow for specific CVE
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@0xhunster @nenadzaric @trickest-workflows