CVE-2021-24506

CVE-2021-24506: Slider Hero < 8.2.7 - Contributor+ SQL Injection

Vendor Unknown

Product Slider Hero with Animation, Video Background & Intro Maker

Weakness CWE-89 · SQLi

Published August 23, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection.

Key dates

02Disclosure timeline

August 23, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24506

Related vulnerabilities

04Related CVE

CVE-2025-1669 School Management System – WPSchoolPress <= 2.2.17 - Authenticated (Teacher+) SQL Injection CVE-2025-34245 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxStandaloneVpnClientsController.ajaxAction() CVE-2025-6738 huija bicycleSharingServer UserServiceImpl.java userDao.selectUserByUserNameLike sql injection CVE-2024-56053 WordPress WPLMS plugin < 1.9.9.5.3 - Instructor+ SQL Injection vulnerability CVE-2025-14898 CodeAstro Real Estate Management System Administrator Endpoint userbuilderdelete.php sql injection