Vulnerability Details CVE-2021-24507
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading to an SQL Injection issues
Exploit prediction scoring system (EPSS) score
EPSS Score 0.442
EPSS Ranking 97.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2021-24507
-
cpe:2.3:a:brainstormforce:astra:1.0.0
-
cpe:2.3:a:brainstormforce:astra:1.0.1
-
cpe:2.3:a:brainstormforce:astra:1.0.2
-
cpe:2.3:a:brainstormforce:astra:1.0.3
-
cpe:2.3:a:brainstormforce:astra:1.0.4
-
cpe:2.3:a:brainstormforce:astra:1.1.0
-
cpe:2.3:a:brainstormforce:astra:1.2.0
-
cpe:2.3:a:brainstormforce:astra:1.2.1
-
cpe:2.3:a:brainstormforce:astra:1.2.2
-
cpe:2.3:a:brainstormforce:astra:1.2.3
-
cpe:2.3:a:brainstormforce:astra:1.3.0
-
cpe:2.3:a:brainstormforce:astra:1.3.1
-
cpe:2.3:a:brainstormforce:astra:1.3.2
-
cpe:2.3:a:brainstormforce:astra:1.3.3
-
cpe:2.3:a:brainstormforce:astra:1.3.4
-
cpe:2.3:a:brainstormforce:astra:1.4.0
-
cpe:2.3:a:brainstormforce:astra:1.4.1
-
cpe:2.3:a:brainstormforce:astra:1.4.2
-
cpe:2.3:a:brainstormforce:astra:1.4.3
-
cpe:2.3:a:brainstormforce:astra:1.4.4
-
cpe:2.3:a:brainstormforce:astra:1.4.5
-
cpe:2.3:a:brainstormforce:astra:1.4.6
-
cpe:2.3:a:brainstormforce:astra:1.4.7
-
cpe:2.3:a:brainstormforce:astra:1.5.0
-
cpe:2.3:a:brainstormforce:astra:1.5.1
-
cpe:2.3:a:brainstormforce:astra:1.5.2
-
cpe:2.3:a:brainstormforce:astra:1.6.0
-
cpe:2.3:a:brainstormforce:astra:1.6.1
-
cpe:2.3:a:brainstormforce:astra:1.6.10
-
cpe:2.3:a:brainstormforce:astra:1.6.11
-
cpe:2.3:a:brainstormforce:astra:1.6.12
-
cpe:2.3:a:brainstormforce:astra:1.6.13
-
cpe:2.3:a:brainstormforce:astra:1.6.14
-
cpe:2.3:a:brainstormforce:astra:1.6.2
-
cpe:2.3:a:brainstormforce:astra:1.6.3
-
cpe:2.3:a:brainstormforce:astra:1.6.4
-
cpe:2.3:a:brainstormforce:astra:1.6.5
-
cpe:2.3:a:brainstormforce:astra:1.6.6
-
cpe:2.3:a:brainstormforce:astra:1.6.6.1
-
cpe:2.3:a:brainstormforce:astra:1.6.7
-
cpe:2.3:a:brainstormforce:astra:1.6.8
-
cpe:2.3:a:brainstormforce:astra:1.6.9
-
cpe:2.3:a:brainstormforce:astra:1.7.0
-
cpe:2.3:a:brainstormforce:astra:1.7.1
-
cpe:2.3:a:brainstormforce:astra:1.8.0
-
cpe:2.3:a:brainstormforce:astra:1.8.1
-
cpe:2.3:a:brainstormforce:astra:1.8.2
-
cpe:2.3:a:brainstormforce:astra:1.8.3
-
cpe:2.3:a:brainstormforce:astra:1.8.4
-
cpe:2.3:a:brainstormforce:astra:1.8.5
-
cpe:2.3:a:brainstormforce:astra:1.8.6
-
cpe:2.3:a:brainstormforce:astra:1.8.7
-
cpe:2.3:a:brainstormforce:astra:1.8.8
-
cpe:2.3:a:brainstormforce:astra:2.0.0
-
cpe:2.3:a:brainstormforce:astra:2.1.0
-
cpe:2.3:a:brainstormforce:astra:2.1.1
-
cpe:2.3:a:brainstormforce:astra:2.1.2
-
cpe:2.3:a:brainstormforce:astra:2.1.3
-
cpe:2.3:a:brainstormforce:astra:2.1.4
-
cpe:2.3:a:brainstormforce:astra:2.2.0
-
cpe:2.3:a:brainstormforce:astra:2.2.1
-
cpe:2.3:a:brainstormforce:astra:2.2.2
-
cpe:2.3:a:brainstormforce:astra:2.2.3
-
cpe:2.3:a:brainstormforce:astra:2.2.4
-
cpe:2.3:a:brainstormforce:astra:2.2.5
-
cpe:2.3:a:brainstormforce:astra:2.3.0
-
cpe:2.3:a:brainstormforce:astra:2.3.1
-
cpe:2.3:a:brainstormforce:astra:2.3.2
-
cpe:2.3:a:brainstormforce:astra:2.3.3
-
cpe:2.3:a:brainstormforce:astra:2.3.4
-
cpe:2.3:a:brainstormforce:astra:2.4.0
-
cpe:2.3:a:brainstormforce:astra:2.4.1
-
cpe:2.3:a:brainstormforce:astra:2.5.0
-
cpe:2.3:a:brainstormforce:astra:2.5.1
-
cpe:2.3:a:brainstormforce:astra:2.6.1
-
cpe:2.3:a:brainstormforce:astra:2.6.2
-
cpe:2.3:a:brainstormforce:astra:2.6.3
-
cpe:2.3:a:brainstormforce:astra:2.6.4
-
cpe:2.3:a:brainstormforce:astra:2.7.0
-
cpe:2.3:a:brainstormforce:astra:2.7.1
-
cpe:2.3:a:brainstormforce:astra:2.7.2
-
cpe:2.3:a:brainstormforce:astra:2.7.3
-
cpe:2.3:a:brainstormforce:astra:3.0.0
-
cpe:2.3:a:brainstormforce:astra:3.0.1
-
cpe:2.3:a:brainstormforce:astra:3.1.0
-
cpe:2.3:a:brainstormforce:astra:3.2.0
-
cpe:2.3:a:brainstormforce:astra:3.3.0
-
cpe:2.3:a:brainstormforce:astra:3.3.1
-
cpe:2.3:a:brainstormforce:astra:3.3.2
-
cpe:2.3:a:brainstormforce:astra:3.4.0
-
cpe:2.3:a:brainstormforce:astra:3.4.1
-
cpe:2.3:a:brainstormforce:astra:3.4.2
-
cpe:2.3:a:brainstormforce:astra:3.5.0
-
cpe:2.3:a:brainstormforce:astra:3.5.1