CVE-2021-24507

CVE-2021-24507: Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection

Vendor Unknown
Product Astra Pro Addon
Weakness CWE-89 · SQLi
Published August 9, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading to an SQL Injection issues

Key dates

02Disclosure timeline

August 9, 2021 CVE published
August 3, 2024 Record updated