CVE-2021-24285 Scanner
CVE-2021-24285 scanner - SQL Injection vulnerability in Car Seller Auto Classifieds Script
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 30 days
Scan only one: Domain, IPv4, Subdomain
Car Seller Auto Classifieds Script is a WordPress plugin that enables site owners to create a platform where they can sell automobiles. The plugin is designed to be user-friendly, intuitive, and easy to use. It comes with a range of features, including the ability to create custom categories, add custom fields, and set up a search filter.
Unfortunately, the plugin has been found to contain a critical vulnerability. CVE-2021-24285 is a SQL injection vulnerability that exists in the request_list_request AJAX call of the plugin. This vulnerability is present in both authenticated and unauthenticated contexts, and it arises because the plugin does not validate, sanitize or escape the order_id POST parameter before using it in a SQL statement.
When exploited, this vulnerability allows an attacker to execute arbitrary SQL queries, which can lead to data leakage, data manipulation, and full system compromise. An attacker can steal sensitive information, compromise user accounts, and even take control of the entire WordPress installation.
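The missing validation described above, shown as an added example for plugin authors and reviewers. This is not the plugin's own code: the handler name, table, columns and query are hypothetical, and only the request_list_request action and the order_id POST parameter come from this page.

```php
<?php
// Added illustration, NOT the plugin's source. Function, table and column
// names are hypothetical; only the action name and the order_id parameter
// are taken from the vulnerability description.

// Registering both hooks exposes the handler to logged-in users (wp_ajax_)
// and to anonymous visitors (wp_ajax_nopriv_).
add_action( 'wp_ajax_request_list_request', 'example_request_list_request' );
add_action( 'wp_ajax_nopriv_request_list_request', 'example_request_list_request' );

function example_request_list_request() {
    global $wpdb;
    $table = $wpdb->prefix . 'example_requests'; // hypothetical table

    // Vulnerable pattern, kept as a comment: the raw POST value becomes part
    // of the SQL text, so its content is parsed as SQL rather than as data.
    // $rows = $wpdb->get_results(
    //     "SELECT * FROM $table WHERE order_id = " . $_POST['order_id']
    // );

    // Hardened pattern, step 1: validate. An order id is assumed to be a
    // non-negative integer; arrays, empty strings and anything containing
    // non-digit characters are rejected before the database is touched.
    $raw = isset( $_POST['order_id'] ) ? wp_unslash( $_POST['order_id'] ) : '';
    if ( ! is_string( $raw ) || ! ctype_digit( $raw ) ) {
        wp_send_json_error( array( 'message' => 'Invalid order_id' ), 400 );
    }
    $order_id = absint( $raw );

    // Step 2: bind the value through a prepared statement, so that even a
    // value that slipped past validation is passed as data (%d), never as SQL.
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, order_id, status FROM {$table} WHERE order_id = %d",
            $order_id
        ),
        ARRAY_A
    );

    wp_send_json_success( $rows );
}
```

When reviewing a plugin for this class of bug, search for AJAX handlers registered under wp_ajax_nopriv_ and check that every request value reaching a $wpdb call goes through $wpdb->prepare().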
At s4e.io, we provide users with the tools they need to stay on top of their website's security. With our pro features, users can quickly and easily learn about vulnerabilities in their digital assets. We offer comprehensive vulnerability scanning and reporting to help our clients stay ahead of the game. With s4e.io, you can be confident that your website is secure and protected from malicious attacks.