SQL Injection Vulnerability in Affiliates Manager WordPress Plugin
CVE-2021-24844 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue
Learn more about our Wordpress Pen Testing.