VYPR

m-vslider

by WordPress

CVEs (1)

  • CVE-2021-24557HigAug 23, 2021
    risk 0.47cvss 7.2epss 0.02

    The update functionality in the rslider_page uses an rs_id POST parameter which is not validated, sanitised or escaped before being inserted in sql query, therefore leading to SQL injection for users having Administrator role.