CVE-2021-24753
HIGH WAF: High
CVSS 7.2
Published: 2021-12-27
CWE-89
The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue.
WAF Coverage Analysis
SQL Injection
High WAF Coverage
OWASP: A03:2021 Injection
942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| starfish | rich_review | up to 1.9.6 |
References
- plugins.trac.wordpress.org (Patch, Third Party Advisory)
- wpscan.com (Exploit, Patch, Third Party Advisory)