Beta

Report

The Sorter <= 1.0 is vulnerable to Authenticated SQL Injection (SQLi) vulnerability

Administrator
Published
2021-08-21

The check_order function of The Sorter WordPress plugin through 1.0 uses an `area_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

CVE

https://www.cve.org/CVERecord?id=CVE-2021-24399

CVSS

Score:4.7

Severity:Medium

Version: 1.0

The plugin vendor has not patched this vulnerability at the moment.