S4E

CVE-2021-24915 Scanner

Detects the SQL Injection (SQLi) vulnerability in the Contest Gallery plugin for WordPress, which affects versions before 13.1.0.6.


Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -

Vulnerability Overview

CVE-2021-24915 allows attackers to perform SQL injections to access or manipulate the database. This can lead to unauthorized disclosure of all registered users' usernames and email addresses on the affected WordPress site.

Vulnerability Details

The flaw is present in the functionality that handles user exports from galleries. By manipulating the 'cg-search-user-name-original' parameter, attackers can inject arbitrary SQL commands, which are executed by the plugin without proper sanitization or capability checks, leading to potential data breaches.

Possible Effects

Exploiting this vulnerability could lead to:

  • Unauthorized access to sensitive user information.
  • Database manipulation or corruption.
  • Compromise of the entire WordPress site.

Why Choose S4E

S4E provides comprehensive security solutions tailored to your needs. By leveraging our advanced scanning tools and expertise, you benefit from:

  • Real-time vulnerability detection and notifications.
  • Expert guidance on remediation and security best practices.
  • Enhanced protection against emerging threats and vulnerabilities.

Join S4E today and fortify your digital assets against sophisticated cyber threats.
