CVE-2021-24625

CVE-2021-24625: SpiderCatalog <= 1.7.3 - Admin+ SQL Injection

Vendor Unknown

Product SpiderCatalog

Weakness CWE-89 · SQLi

Published November 8, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category

Key dates

02Disclosure timeline

November 8, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24625

Related vulnerabilities

04Related CVE

CVE-2025-26875 WordPress Multiple Shipping And Billing Address For Woocommerce Plugin <= 1.3 - SQL Injection vulnerability CVE-2024-3200 wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection CVE-2024-1254 Byzoro Smart S20 Management Platform sysmanageajax.php sql injection CVE-2023-6413 SQL injection in Voovi Social Networking Script CVE-2026-31917 WordPress WP ERP plugin <= 1.16.10 - SQL Injection vulnerability