CVE-2021-24772

Vulnerable Component Details
Type  Namespace  Name    Version  Package URL
npm   None       stream  0.0.2    pkg:npm/stream@0.0.2?package-id=73b008607c39b546
Vulnerability Details
ID CVE-2021-24772
Description The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue.
Ratings
Severity Score Method Vector Source
None None
8.8 CVSSv2 AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 CVSSv31 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Found By Anchore Grype
References / Advisories