Vulnerability Details CVE-2021-24557
The update functionality in the rslider_page uses an rs_id POST parameter which is not validated, sanitised or escaped before being inserted into an SQL query, leading to an SQL injection exploitable by users with the Administrator role.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.3%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
Products affected by CVE-2021-24557
- cpe:2.3:a:nimble3:m-vslider:-
- cpe:2.3:a:nimble3:m-vslider:2.1.3