Vulnerabilities > CVE-2021-25064 - Unspecified vulnerability in Wow-Company WOW Countdowns 3.1.2

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
wow-company

Summary

The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection.

Vulnerable Configurations

Part Description Count
Application
Wow-Company
2