CVE-2021-24303

HIGH

JiangQie Official Website Mini Program < 1.1.1 - SQL Injection via ID GET Parameter

Title source: llm
STIX 2.1

Description

The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0161
EPSS Percentile 73.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
jiangqie/official_website_mini_program < 1.1.1
Published Sep 06, 2021
Tracked Since Feb 18, 2026