Medium severity6.5NVD Advisory· Published Feb 7, 2022· Updated Jun 17, 2026
CVE-2021-24928
CVE-2021-24928
Description
The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such as subscriber, to modify arbitrary post content (for example with an XSS payload), as well as exfiltrate any data by copying it to another post.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Rearrange Woocommerce Products plugindescription
- Range: <3.0.8
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/3762a77c-b8c9-428f-877c-bbfd7958e7benvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.