CVE-2021-24844

HIGH

WordPress Affiliates Manager <2.8.7 - SQL Injection

Title source: llm
STIX 2.1

Description

The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/ebd6d13c-572e-4861-b7d1-a7a87332ce0d
Patch, Third Party Advisory x_refsource_confirm
https://plugins.trac.wordpress.org/changeset/2611862/

Scores

CVSS v3 7.2
EPSS 0.0148
EPSS Percentile 71.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
wpaffiliatemanager/affiliates_manager < 2.8.7
Published Nov 08, 2021
Tracked Since Feb 18, 2026