CVE-2021-39351

CVE-2021-39351: WP Bannerize 2.0.0 - 4.0.2 - Authenticated SQL Injection

Vendor Wp Bannerize
Product WP Bannerize
Weakness CWE-89 · SQLi
Published October 6, 2021
Last update February 14, 2025

CVSS base score

What the vulnerability does

01Description

The WP Bannerize WordPress plugin is vulnerable to authenticated SQL injection via the id parameter found in the ~/Classes/wpBannerizeAdmin.php file which allows attackers to exfiltrate sensitive information from vulnerable sites. This issue affects versions 2.0.0 - 4.0.2.

Key dates

02Disclosure timeline

October 6, 2021 CVE published
February 14, 2025 Record updated