CVE-2021-24132
HIGH10web Slider < 1.2.36 - Authenticated SQL Injection via bulk_action, export_full, and save_slider_db
Title source: llmDescription
The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), or medium one such as Contributor+ (if "Role Options" is turn on for other users) to perform a SQL Injection attacks.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/c1f45000-6c16-4606-be80-1938a755af2c
Scores
CVSS v3
8.8
EPSS
0.0259
EPSS Percentile
83.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
10web/slider
< 1.2.36
Published
Mar 18, 2021
Tracked Since
Feb 18, 2026