SQL Injection Vulnerability in Affiliates Manager WordPress Plugin

SQL Injection Vulnerability in Affiliates Manager WordPress Plugin

CVE-2021-24844 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue

Learn more about our Wordpress Pen Testing.