SQL Injection Vulnerability in Astra Pro Addon WordPress Plugin (<= 3.5.2)

SQL Injection Vulnerability in Astra Pro Addon WordPress Plugin (<= 3.5.2)

CVE-2021-24507 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL statement, leading to an SQL Injection issues

Learn more about our Wordpress Pen Testing.