CVE-2021-24952 - Cyber Security News

Read Time:14 Second

The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks.

More Stories

USN-7189-1: HTMLDOC vulnerabilities

It was discovered that HTMLDOC incorrectly handled certain inputs, which could lead to an integer overflow. An attacker could potentially...

January 8, 2025

USN-7188-1: FFmpeg vulnerability

It was discovered that FFmpeg incorrectly handled certain input, which could lead to an integer overflow. An attacker could possibly...

January 8, 2025

USN-7179-3: Linux kernel (GKE) vulnerabilities

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote...

January 7, 2025

USN-7169-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

January 7, 2025

USN-7167-2: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...

January 7, 2025

firefox-134.0-1.fc41

FEDORA-2025-6fcde64d77 Packages in this update: firefox-134.0-1.fc41 Update description: Updated to latest upstream (134.0) Read More

January 7, 2025