Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-24390
CVE-2021-24390:
WordPress vulnerability analysis and mitigation
Overview
The vulnerability CVE-2021-24390 affects the WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 WordPress plugin versions through 3.7.2. The vulnerability was identified on May 9, 2021, by Syed Sheeraz Ali, with CVE assignment on June 10, 2021, and public disclosure on July 23, 2021 (CodeVigilant).
Technical details
The vulnerability is an SQL injection issue where the 'proid' GET parameter in the plugin is not properly sanitized, escaped, or validated before being inserted into an SQL statement that lacks proper quote delimiters. The vulnerable code is located in '/includes/tpl.edit_product.php' at line 65. The CVSS score is rated at 6.7 (medium), and it is classified as CWE-89 under the OWASP Top 10 category A1: Injection (WPScan).
Impact
When exploited, this vulnerability could allow an authenticated attacker to execute arbitrary SQL queries against the WordPress database, potentially leading to unauthorized access to sensitive data or manipulation of database contents (WPScan).
Additional resources
Source: This report was generated using AI
Related WordPress vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management