CVE-2021-24506
23.08.2021, 12:15
The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection.
| Vendor | Product | Version |
|---|---|---|
| quantumcloud | slider_hero | 𝑥 < 8.2.7 |
𝑥
= Vulnerable software versions