RSS   Vulnerabilities for 'Slider hero'   RSS

2021-08-23
 
CVE-2021-24506

CWE-89
 

 
The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection.

 

 >>> Vendor: Quantumcloud 3 Products
Simple link directory
Slider hero
Infographic maker


Copyright 2024, cxsecurity.com

 

Back to Top