Unrated severityNVD Advisory· Published Dec 21, 2021· Updated Aug 3, 2024
WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection
CVE-2021-24849
Description
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/WCFM Marketplacedescription
- Range: <3.4.12
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/763c08a0-4b2b-4487-b91c-be6cc2b9322emitrex_refsource_MISC
News mentions
0No linked articles in our index yet.