Vulnerabilities > CVE-2021-24551 - Unspecified vulnerability in Edit Comments Project Edit Comments 0.3

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

edit-comments-project

critical

NVD

Published: 2021-08-23

Updated: 2024-11-21

Summary

The Edit Comments WordPress plugin through 0.3 does not sanitise, validate or escape the jal_edit_comments GET parameter before using it in a SQL statement, leading to a SQL injection issue

Vulnerable Configurations

Part	Description	Count
Application	Edit_Comments_Project Edit Comments Project Edit Comments - Edit Comments Project Edit Comments 0.3	2

References

https://codevigilant.com/disclosure/2021/wp-plugin-edit-comments/
https://codevigilant.com/disclosure/2021/wp-plugin-edit-comments/
https://wpscan.com/vulnerability/e62fb8db-384f-4384-ad24-e10eb9058ed5
https://wpscan.com/vulnerability/e62fb8db-384f-4384-ad24-e10eb9058ed5