CVE-2021-24866

CVE-2021-24866: WP Data Access < 5.0.0 - Admin+ SQL Injection

Vendor Unknown
Product WP Data Access
Weakness CWE-89 · SQLi
Published December 6, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The WP Data Access WordPress plugin before 5.0.0 does not properly sanitise and escape the backup_date parameter before using it a SQL statement, leading to a SQL injection issue and could allow arbitrary table deletion

Key dates

02Disclosure timeline

December 6, 2021 CVE published
August 3, 2024 Record updated