Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Cookie Notification Plugin for WordPress – WP Cookie User Info by Unknown

    CVE-2021-24858 (GCVE-0-2021-24858)

    Vulnerability from nvd – Published: 2022-01-24 08:00 – Updated: 2024-08-03 19:42
    VLAI
    Title
    WP Cookie User Info < 1.0.9 - Admin+ SQL Injection
    Summary
    The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Credits
    Shreya Pohekar of Codevigilant Project
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:42:17.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/9bd1c040-09cc-4c2d-88c9-8406a653a48b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cookie Notification Plugin for WordPress \u2013 WP Cookie User Info",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.0.9",
                  "status": "affected",
                  "version": "1.0.9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Shreya Pohekar of Codevigilant Project"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-24T08:00:50.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/9bd1c040-09cc-4c2d-88c9-8406a653a48b"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WP Cookie User Info \u003c 1.0.9 - Admin+ SQL Injection",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24858",
              "STATE": "PUBLIC",
              "TITLE": "WP Cookie User Info \u003c 1.0.9 - Admin+ SQL Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cookie Notification Plugin for WordPress \u2013 WP Cookie User Info",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.0.9",
                                "version_value": "1.0.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Shreya Pohekar of Codevigilant Project"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/9bd1c040-09cc-4c2d-88c9-8406a653a48b",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/9bd1c040-09cc-4c2d-88c9-8406a653a48b"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24858",
        "datePublished": "2022-01-24T08:00:50.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:42:17.244Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24858 (GCVE-0-2021-24858)

    Vulnerability from cvelistv5 – Published: 2022-01-24 08:00 – Updated: 2024-08-03 19:42
    VLAI
    Title
    WP Cookie User Info < 1.0.9 - Admin+ SQL Injection
    Summary
    The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Credits
    Shreya Pohekar of Codevigilant Project
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:42:17.244Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/9bd1c040-09cc-4c2d-88c9-8406a653a48b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cookie Notification Plugin for WordPress \u2013 WP Cookie User Info",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.0.9",
                  "status": "affected",
                  "version": "1.0.9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Shreya Pohekar of Codevigilant Project"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-24T08:00:50.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/9bd1c040-09cc-4c2d-88c9-8406a653a48b"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WP Cookie User Info \u003c 1.0.9 - Admin+ SQL Injection",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24858",
              "STATE": "PUBLIC",
              "TITLE": "WP Cookie User Info \u003c 1.0.9 - Admin+ SQL Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cookie Notification Plugin for WordPress \u2013 WP Cookie User Info",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.0.9",
                                "version_value": "1.0.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Shreya Pohekar of Codevigilant Project"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/9bd1c040-09cc-4c2d-88c9-8406a653a48b",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/9bd1c040-09cc-4c2d-88c9-8406a653a48b"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24858",
        "datePublished": "2022-01-24T08:00:50.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:42:17.244Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }