CVE-2021-24753

CVE-2021-24753: Rich Reviews by Starfish < 1.9.6 - Admin+ SQL Injection

Vendor Unknown

Product Rich Reviews by Starfish

Weakness CWE-89 · SQLi

Published December 27, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue

Key dates

02Disclosure timeline

December 27, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24753 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2023-4443 SourceCodester Free Hospital Management System for Small Practices edit-doc.php sql injection CVE-2019-25575 SimplePress CMS 1.0.7 SQL Injection via p and s Parameters CVE-2026-5558 PHPGurukul PHPGurukul Online Shopping Portal Project Parameter pending-orders.php sql injection CVE-2026-12131 CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection CVE-2025-9743 code-projects Human Resource Integrated System login_attendance2.php sql injection