CRITICAL🇵🇱 Wersja polska

CVE-2021-24507

CVSS 9.8v3.1pub. 2021-08-09upd. 2024-11-21

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading to an SQL Injection issues

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Brainstormforce Astra

    APP
    Brainstormforce
    < 3.5.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2023-49830CRITICAL9.9PL ✓ten sam produkt

RCE w Astra Pro – code injection dostępny dla zalogowanych użytkowników

CVE-2023-44148MEDIUM5.4ten sam produkt

Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: fr...

CVE-2025-6691HIGH8.1ten sam vendor

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file ...

CVE-2025-6742HIGH7.5ten sam vendor

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Inje...

CVE-2024-37455HIGH8.8ten sam vendor

Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege...