CVE-2021-24860

CVE-2021-24860: BSK PDF Manager < 3.1.2 - Admin+ SQL Injection

Vendor Unknown

Product BSK PDF Manager

Weakness CWE-89 · SQLi

Published November 29, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue

Key dates

02Disclosure timeline

November 29, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24860

Related vulnerabilities

04Related CVE

CVE-2025-30571 WordPress STEdb Forms plugin <= 1.0.4 - SQL Injection Vulnerability CVE-2022-0867 ARPrice Lite < 3.6.1 - Unauthenticated SQLi CVE-2019-25668 News Website Script 2.0.5 SQL Injection via index.php CVE-2026-13529 YzmCMS index.php sql injection CVE-2025-27103 Dataease Mysql JDBC Connection Parameters Not Being Verified Leads to Arbitrary File Read Vulnerability