CVE-2021-24580

HIGH

Side Menu Lite WordPress Plugin < 2.2.6 - Authenticated SQL Injection via Admin Dashboard List Page

Title source: llm
STIX 2.1

Description

The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to a SQL Injection issue

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/2faccd1b-4b1c-4b3e-b917-de2d05e860f8

Scores

CVSS v3 8.8
EPSS 0.0136
EPSS Percentile 68.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
wow-estore/side_menu < 2.2.6
Published Aug 30, 2021
Tracked Since Feb 18, 2026