2 vulnerabilities found for Popup Like box – Page Plugin by Ays Pro
CVE-2021-24460 (GCVE-0-2021-24460)
Vulnerability from cvelistv5 – Published: 2021-08-02 10:32 – Updated: 2024-08-03 19:35
Title
Popup Like box - Page Plugin < 3.5.3 - Authenticated Blind SQL Injections
Summary
The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not whitelist or otherwise validate the orderby parameter before using it in SQL statements passed to get_results() DB calls, leading to SQL injection issues in the admin dashboard. Per the title, the injection is blind and requires an authenticated session; sites using the plugin should run 3.5.3 or later.
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397 | x_refsource_MISC |
Impacted products
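| Vendor | Product | Version |
|---|---|---|
| Ays Pro | Popup Like box – Page Plugin | Affected: < 3.5.3 (version type: custom). The record gives 3.5.3 as both the version and the lessThan bound, i.e. releases before 3.5.3 are affected. |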
Credits
To Quang Duong
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:19.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Popup Like box \u2013 Page Plugin",
"vendor": "Ays Pro",
"versions": [
{
"lessThan": "3.5.3",
"status": "affected",
"version": "3.5.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "To Quang Duong"
}
],
"descriptions": [
{
"lang": "en",
"value": "The get_fb_likeboxes() function in the Popup Like box \u2013 Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:32:06",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Popup Like box - Page Plugin \u003c 3.5.3 - Authenticated Blind SQL Injections",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24460",
"STATE": "PUBLIC",
"TITLE": "Popup Like box - Page Plugin \u003c 3.5.3 - Authenticated Blind SQL Injections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Popup Like box \u2013 Page Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.5.3",
"version_value": "3.5.3"
}
]
}
}
]
},
"vendor_name": "Ays Pro"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "To Quang Duong"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_fb_likeboxes() function in the Popup Like box \u2013 Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24460",
"datePublished": "2021-08-02T10:32:06",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:19.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24460 (GCVE-0-2021-24460)
Vulnerability from nvd – Published: 2021-08-02 10:32 – Updated: 2024-08-03 19:35
Title
Popup Like box - Page Plugin < 3.5.3 - Authenticated Blind SQL Injections
Summary
The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not whitelist or otherwise validate the orderby parameter before using it in SQL statements passed to get_results() DB calls, leading to SQL injection issues in the admin dashboard. Per the title, the injection is blind and requires an authenticated session; sites using the plugin should run 3.5.3 or later.
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397 | x_refsource_MISC |
Impacted products
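| Vendor | Product | Version |
|---|---|---|
| Ays Pro | Popup Like box – Page Plugin | Affected: < 3.5.3 (version type: custom). The record gives 3.5.3 as both the version and the lessThan bound, i.e. releases before 3.5.3 are affected. |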
Credits
To Quang Duong
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:19.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Popup Like box \u2013 Page Plugin",
"vendor": "Ays Pro",
"versions": [
{
"lessThan": "3.5.3",
"status": "affected",
"version": "3.5.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "To Quang Duong"
}
],
"descriptions": [
{
"lang": "en",
"value": "The get_fb_likeboxes() function in the Popup Like box \u2013 Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:32:06",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Popup Like box - Page Plugin \u003c 3.5.3 - Authenticated Blind SQL Injections",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24460",
"STATE": "PUBLIC",
"TITLE": "Popup Like box - Page Plugin \u003c 3.5.3 - Authenticated Blind SQL Injections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Popup Like box \u2013 Page Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.5.3",
"version_value": "3.5.3"
}
]
}
}
]
},
"vendor_name": "Ays Pro"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "To Quang Duong"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_fb_likeboxes() function in the Popup Like box \u2013 Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24460",
"datePublished": "2021-08-02T10:32:06",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:19.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}