RSS   Vulnerabilities for 'Astra'   RSS

2021-08-09
 
CVE-2021-24507

CWE-89
 

 
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading to an SQL Injection issues

 

 >>> Vendor: Brainstormforce 4 Products
Schema
Elementor - header\, footer \& blocks template
Astra
Starter templates


Copyright 2024, cxsecurity.com

 

Back to Top