CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-4450

HIGH
8.8
CVSS Severity Score
EPSS Score0.0540%
EPSS Percentile30.66th
Published2024年10月16日
Last Modified2024年10月30日

Vulnerability Description

The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Affected Platforms (CPE)

📦
Pickplugins

Post Grid

<= 2.1.12

References & Advisories

🔗 https://plugins.trac.wordpress.org/changeset/2644269
🔗 https://www.wordfence.com/threat-intel/vulnerabilities/id/a321b112-ce37-4a0e-800f-f3feef6ac799?source=cve

相关漏洞威胁

CVE-2020-359387.5

PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to i...

CVE-2020-359367.5

Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated a...

CVE-2021-246526.5

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in ...

CVE-2021-244886.1

The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly saniti...