Vulnerabilities and Security Researches

WP Editor, CVE-2021-24151

CVE, Research URL: CVE-2021-24151
Home page URL: Security reports for WP Editor
Application: WP Editor
Published on: Jan 16, 2024
Research Description: The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings.
Affected versions: Min -, max 1.2.7.
Status: vulnerable