Description
The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/eb21ebc5-265c-4378-b2c6-62f6bc2f69cd
Exploit, Third Party Advisory x_refsource_misc
https://github.com/pang0lin/CVEproject/blob/main/wordpress_side-menu-lite_sqli.md
Scores
CVSS v3: 7.2
EPSS: 0.0078
EPSS Percentile: 73.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-89
Status: published
Products (1)
wow-estore/side_menu < 2.2.1
Published: Aug 09, 2021
Tracked Since: Feb 18, 2026