CVE-2021-44779
HIGH[GWA] AutoResponder <= 2.3 - Unauthenticated SQL Injection via listid Parameter
Title source: llmDescription
Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed.
References (2)
Core 2
Core References
Product, Third Party Advisory x_refsource_confirm
https://wordpress.org/plugins/gwa-autoresponder/
Third Party Advisory x_refsource_confirm
https://patchstack.com/database/vulnerability/gwa-autoresponder/wordpress-gwa-autoresponder-plugin-2-3-unauthenticated-sql-injection-sqli-vulnerability
Scores
CVSS v3
7.3
EPSS
0.0107
EPSS Percentile
61.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (2)
\[gwa\]_autoresponder_project/\[gwa\]_autoresponder
< 2.3
G.J.P./[GWA] AutoResponder (WordPress plugin)
<= 2.3 - 2.3
Published
Feb 04, 2022
Tracked Since
Feb 18, 2026