Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Popup Like box – Page Plugin by Ays Pro

    CVE-2021-24460 (GCVE-0-2021-24460)

    Vulnerability from nvd – Published: 2021-08-02 10:32 – Updated: 2024-08-03 19:35
    VLAI
    Title
    Popup Like box - Page Plugin < 3.5.3 - Authenticated Blind SQL Injections
    Summary
    The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ays Pro Popup Like box – Page Plugin Affected: 3.5.3 , < 3.5.3 (custom)
    Create a notification for this product.
    Credits
    To Quang Duong
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:35:19.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Popup Like box \u2013 Page Plugin",
              "vendor": "Ays Pro",
              "versions": [
                {
                  "lessThan": "3.5.3",
                  "status": "affected",
                  "version": "3.5.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "To Quang Duong"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The get_fb_likeboxes() function in the Popup Like box \u2013 Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-02T10:32:06.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Popup Like box - Page Plugin \u003c 3.5.3 - Authenticated Blind SQL Injections",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24460",
              "STATE": "PUBLIC",
              "TITLE": "Popup Like box - Page Plugin \u003c 3.5.3 - Authenticated Blind SQL Injections"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Popup Like box \u2013 Page Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.5.3",
                                "version_value": "3.5.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ays Pro"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "To Quang Duong"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The get_fb_likeboxes() function in the Popup Like box \u2013 Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24460",
        "datePublished": "2021-08-02T10:32:06.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:35:19.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24460 (GCVE-0-2021-24460)

    Vulnerability from cvelistv5 – Published: 2021-08-02 10:32 – Updated: 2024-08-03 19:35
    VLAI
    Title
    Popup Like box - Page Plugin < 3.5.3 - Authenticated Blind SQL Injections
    Summary
    The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ays Pro Popup Like box – Page Plugin Affected: 3.5.3 , < 3.5.3 (custom)
    Create a notification for this product.
    Credits
    To Quang Duong
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:35:19.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Popup Like box \u2013 Page Plugin",
              "vendor": "Ays Pro",
              "versions": [
                {
                  "lessThan": "3.5.3",
                  "status": "affected",
                  "version": "3.5.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "To Quang Duong"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The get_fb_likeboxes() function in the Popup Like box \u2013 Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-02T10:32:06.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Popup Like box - Page Plugin \u003c 3.5.3 - Authenticated Blind SQL Injections",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24460",
              "STATE": "PUBLIC",
              "TITLE": "Popup Like box - Page Plugin \u003c 3.5.3 - Authenticated Blind SQL Injections"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Popup Like box \u2013 Page Plugin",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.5.3",
                                "version_value": "3.5.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Ays Pro"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "To Quang Duong"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The get_fb_likeboxes() function in the Popup Like box \u2013 Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89 SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/9c0164f2-464b-4876-a48f-c0ebd63cf397"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24460",
        "datePublished": "2021-08-02T10:32:06.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:35:19.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }