CVE-2021-24557
HIGHm-vslider < 2.1.3 - Authenticated SQL Injection via rs_id Parameter
Title source: llmDescription
The update functionality in the rslider_page uses an rs_id POST parameter which is not validated, sanitised or escaped before being inserted in sql query, therefore leading to SQL injection for users having Administrator role.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/8b8e41e8-5a40-4062-b5b7-3b01b1a709ef
Exploit, Third Party Advisory x_refsource_misc
https://codevigilant.com/disclosure/2021/wp-plugin-m-vslider/
Scores
CVSS v3
7.2
EPSS
0.0155
EPSS Percentile
72.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
nimble3/m-vslider
< 2.1.3
Published
Aug 23, 2021
Tracked Since
Feb 18, 2026