← back
CVE-2021-24580

Side Menu Lite < 2.2.6 - Authenticated SQL Injection

EPSS 1.4%CWE-89
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 Aug 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise user input from the List page in the admin dashboard before using it in SQL statement, leading to a SQL Injection issue
Affected products
Unknown · Side Menu Lite - add sticky fixed buttons

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/2faccd1b-4b1c-4b3e-b917-de2d05e860f8