Vulnerabilities > CVE-2021-25054 - Unspecified vulnerability in Wow-Company Wpcalc 2.1

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wow-company

NVD

Published: 2022-01-10

Updated: 2024-11-21

Summary

The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Wow-Company WOW Company Wpcalc - WOW Company Wpcalc 2.1	2

References

https://wpscan.com/vulnerability/200969eb-e2a4-4200-82d7-0c313de089af
https://wpscan.com/vulnerability/200969eb-e2a4-4200-82d7-0c313de089af