CVE-2021-24952 - Cyber Security News

Read Time:14 Second

The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks.

More Stories

USN-7187-1: Linux kernel (OEM) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

January 6, 2025

USN-7186-1: Linux kernel (Intel IoTG) vulnerabilities

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote...

January 6, 2025

USN-7179-2: Linux kernel vulnerabilities

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote...

January 6, 2025

USN-7185-1: Linux kernel vulnerabilities

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A...

January 6, 2025

USN-7184-1: Linux kernel vulnerabilities

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A...

January 6, 2025

USN-7183-1: Linux kernel vulnerabilities

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote...

January 6, 2025