Quotes Collection <= 2.5.2 – Admin+ SQL Injection | CVE 2021-24861

Affects Plugins

quotes-collection

No known fix

References

CVE

CVE-2021-24861

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

ZhongFu Su(JrXnm) of Wuhan University

Submitter

ZhongFu Su(JrXnm) of Wuhan University

Submitter website

https://blog.szfszf.top

Verified

Yes

WPVDB ID

9a50d5d0-7a50-47d1-a8f9-e0eb217919d9

Timeline

Publicly Published

2021-11-15 (about 2 years ago)

Added

2021-11-15 (about 2 years ago)

Last Updated

2022-09-26 (about 1 years ago)

Other

Published

Title

Published

2022-03-07

Title

Popup Builder < 4.1.1 - SQL Injection to Reflected Cross-Site Scripting

Published

2015-12-01

Title

Email Newsletter <= 20.15 - SQL Injection

Published

2014-08-01

Title

Automatic 2.0.3 - csv.php q Parameter SQL Injection

Published

2022-03-08

Title

WP Block and Stop Bad Bots < 6.88 - Unauthenticated SQLi

Published

2021-11-08

Title

WP Data Access < 5.0.0 - Admin+ SQL Injection