Vulnerabilities > CVE-2021-24365 - Unspecified vulnerability in Admincolumns Admin Columns

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
admincolumns
NVD
Published: 2021-07-12
Updated: 2024-11-21

Summary

The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbitrary database column to display in the table. There was no escaping applied to the contents of "Custom Field" columns.

Vulnerable Configurations

Part Description Count
Application
Admincolumns
248

References