CVE-2021-24458
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2021-24458. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
Available Exploits
Related News
WordPress Vulnerability
Identified and analyzed by Wordfence
Software Type
Patch Status
Published
Software Details
Software Name
Popup Box – Create Countdown, Coupon, Video, Contact Form Popups
Software Slug
ays-popup-box
Affected Versions
Patched Versions
Remediation
Update to version 2.3.4, or a newer patched version
© Defiant Inc. Data provided by Wordfence.
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
References
Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: May 24, 2022