CVE-2021-24554

CVE-2021-24554: Paytm - Donation Plugin <= 1.3.2 - Authenticated (admin+) SQL Injection

Vendor Unknown

Product Paytm – Donation Plugin

Weakness CWE-89 · SQLi

Published August 23, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Paytm – Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue

Key dates

02Disclosure timeline

August 23, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24554

Related vulnerabilities

04Related CVE

CVE-2024-37112 WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Arbitrary SQL Query Execution vulnerability CVE-2026-4304 WeePie Cookie Allow <= 3.4.11 - Unauthenticated SQL Injection via 'consent' Parameter CVE-2026-31920 WordPress Product Rearrange for WooCommerce plugin <= 1.2.2 - SQL Injection vulnerability CVE-2021-32932 CVE-2024-11648 1000 Projects Beauty Parlour Management System add-customer.php sql injection