CVE-2021-24451

HIGH

Export Users With Meta < 0.6.5 - Authenticated SQL Injection via Role Export Functionality

Title source: llm
STIX 2.1

Description

The Export Users With Meta WordPress plugin before 0.6.5 did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an authenticated SQL Injection.

References (1)

Core 1
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://wpscan.com/vulnerability/40603382-404b-44a2-8212-f2008366891c

Scores

CVSS v3 7.2
EPSS 0.0142
EPSS Percentile 69.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
export_users_with_meta_project/export_users_with_meta < 0.6.5
Published Jul 06, 2021
Tracked Since Feb 18, 2026