CVE-2021-24849

CVE-2021-24849: WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection

Vendor Unknown
Product WCFM Marketplace – Best Multivendor Marketplace for WooCommerce
Weakness CWE-89 · SQLi
Published December 21, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections

Key dates

02Disclosure timeline

December 21, 2021 CVE published
August 3, 2024 Record updated