Vulnerabilities > CVE-2021-24400 - Unspecified vulnerability in Wp-Display-Users Project Wp-Display-Users

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wp-display-users-project

NVD

Published: 2021-09-20

Updated: 2024-11-21

Summary

The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an `id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

Vulnerable Configurations

Part	Description	Count
Application	Wp-Display-Users_Project WP Display Users Project WP Display Users *	1

References

https://codevigilant.com/disclosure/2021/wp-plugin-wp-display-users/
https://codevigilant.com/disclosure/2021/wp-plugin-wp-display-users/
https://wpscan.com/vulnerability/614cf338-c8cf-4570-ae83-4f79cbdcc9d5
https://wpscan.com/vulnerability/614cf338-c8cf-4570-ae83-4f79cbdcc9d5