RSS   Vulnerabilities for 'Video embed'   RSS

2021-06-07
 
CVE-2021-24337

CWE-89
 

 
The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to perform SQL injection.

 


Copyright 2024, cxsecurity.com

 

Back to Top