WordPress Plugin Vulnerabilities

Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection

Description

The plugin did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading to an SQL Injection issues

Proof of Concept

Affects Plugins

Plugin icon
astra-addon
Fixed in 3.5.2

References

CVE
CVE-2021-24507
URL
https://wpastra.com/changelog/astra-pro-addon/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.6 (high)

Miscellaneous

Original Researcher
Ngoc Nguyen
Submitter
Ngoc Nguyen
Submitter twitter
Ngoc22660662
Verified
Yes
WPVDB ID
a1a0dc0b-c351-4d46-ac9b-b297ce4d251c

Timeline

Publicly Published
2021-07-08 (about 4 years ago)
Added
2021-07-08 (about 4 years ago)
Last Updated
2021-08-10 (about 4 years ago)

Other

Published
Title
Published
2025-07-03
Title
GoZen Forms <= 1.1.5 - Unauthenticated SQL Injection via emdedSc()
Published
2022-12-05
Title
Contest Gallery < 19.1.5 - Author+ SQL Injection
Published
2025-03-31
Title
Ultimate Push Notifications <= 1.2.0 - Subscriber+ SQL Injection
Published
2014-08-01
Title
post highlights <= 2.2 - SQL Injection
Published
2024-04-09
Title
AIKit <= 4.14.1 - Authenticated (Contributor+) SQL Injection