CVE-2021-24340

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-24340
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24340.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-24340
Published
2021-06-07T11:15:16Z
Modified
2024-09-03T03:44:18.105998Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

The WP Statistics WordPress plugin before 13.0.8 relied on the WordPress esc_sql() function for a field that was not delimited by quotes, and did not first prepare the query. Additionally, the page, which should have been accessible to administrators only, was also available to any visitor, including unauthenticated ones.

References

Affected packages

Git / github.com/wp-statistics/wp-statistics

Affected ranges

Type
GIT
Repo
https://github.com/wp-statistics/wp-statistics
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

12.*

12.0.10
12.0.11
12.0.12
12.0.12.1
12.0.6
12.0.7
12.0.8
12.0.8.1
12.0.9
12.1.0
12.1.1
12.1.2
12.1.3
12.2
12.3
12.3.1
12.3.2
12.3.3
12.3.4
12.3.5
12.3.6
12.3.6.1
12.3.6.2
12.3.6.4
12.4.0
12.4.1
12.4.3
12.5
12.5.1
12.5.2
12.5.3
12.5.4
12.5.5
12.5.6
12.5.7
12.6
12.6.1
12.6.10
12.6.11
12.6.12
12.6.13
12.6.2
12.6.3
12.6.4
12.6.5
12.6.6
12.6.7
12.6.8
12.6.9

13.*

13.0
13.0.3
13.0.4
13.0.5
13.0.7