SQL Injection Vulnerability in MainWP Child WordPress Plugin

SQL Injection Vulnerability in MainWP Child WordPress Plugin

CVE-2021-24877 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed

Learn more about our Wordpress Pen Testing.