CVE-2021-24877

CVE-2021-24877: MainWP Child < 4.1.8 - Admin+ SQL Injection

Vendor Unknown

Product MainWP Child - Securely connects sites to the MainWP WordPress Manager Dashboard

Weakness CWE-89 · SQLi

Published November 23, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed

Key dates

02Disclosure timeline

November 23, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24877 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

CVE-2021-24877: MainWP Child < 4.1.8 - Admin+ SQL Injection

01Description

02Disclosure timeline

03References

04Related CVE