Description

WordPress Plugin Side Menu Lite-add sticky fixed buttons is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Side Menu Lite-add sticky fixed buttons version 2.2.5 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.2.6 or latest

References

https://github.com/pang0lin/CVEproject/blob/main/wordpress_side-menu-lite_sqli2.md

https://sploitus.com/exploit?id=WPEX-ID:2FACCD1B-4B1C-4B3E-B917-DE2D05E860F8

Related Vulnerabilities

MySQL CVE-2020-2923 Vulnerability (CVE-2020-2923)

WordPress Plugin YITH WooCommerce Cart Messages Security Bypass (1.4.3)

PostgreSQL Other Vulnerability (CVE-2006-0105)

Oracle Application Server CVE-2008-3975 Vulnerability (CVE-2008-3975)

WordPress Plugin Shariff for WordPress Cross-Site Scripting (1.0.7)

Severity

High

Classification

CVE-2021-24580 CWE-89 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update SQL Injection