Vulnerabilities > CVE-2021-24396 - Unspecified vulnerability in Bestiaweb Gseor 1.3

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

bestiaweb

NVD

Published: 2021-09-20

Updated: 2024-11-21

Summary

A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordPress plugin through 1.3 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

Vulnerable Configurations

Part	Description	Count
Application	Bestiaweb Bestiaweb Gseor - Bestiaweb Gseor 1.3	2

References

https://codevigilant.com/disclosure/2021/wp-plugin-gseor/
https://codevigilant.com/disclosure/2021/wp-plugin-gseor/
https://wpscan.com/vulnerability/28687291-2369-49e0-8905-dc4359454830
https://wpscan.com/vulnerability/28687291-2369-49e0-8905-dc4359454830