VYPR

SpiderCatalog

by WordPress

CVEs (1)

  • CVE-2021-24625HigNov 8, 2021
    risk 0.47cvss 7.2epss 0.01

    The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category