CVE-2021-24132

HIGH

10web Slider < 1.2.36 - Authenticated SQL Injection via bulk_action, export_full, and save_slider_db

Title source: llm
STIX 2.1

Description

The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), or medium one such as Contributor+ (if "Role Options" is turn on for other users) to perform a SQL Injection attacks.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/c1f45000-6c16-4606-be80-1938a755af2c

Scores

CVSS v3 8.8
EPSS 0.0259
EPSS Percentile 83.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
10web/slider < 1.2.36
Published Mar 18, 2021
Tracked Since Feb 18, 2026