CVE-2021-24915 Scanner
Detects the SQL Injection (SQLi) vulnerability in the Contest Gallery plugin for WordPress, which affects versions before 13.1.0.6.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -
Vulnerability Overview
CVE-2021-24915 allows attackers to perform SQL injections to access or manipulate the database. This can lead to unauthorized disclosure of all registered users' usernames and email addresses on the affected WordPress site.
Vulnerability Details
The flaw is present in the functionality that handles user exports from galleries. By manipulating the 'cg-search-user-name-original' parameter, attackers can inject arbitrary SQL commands, which are executed by the plugin without proper sanitization or capability checks, leading to potential data breaches.
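The flaw class described above, shown as an added example that is not the plugin's code: a simplified export handler modelled in Python with an in-memory SQLite database, first in the flawed form (no capability check, value concatenated into the query) and then hardened. The table layout, function names, sample rows and the choice of `manage_options` as the required capability are assumptions made for illustration; only the parameter name comes from the page.

```python
import sqlite3

PARAM = "cg-search-user-name-original"  # parameter name taken from the page

def make_db():
    """Constructed sample data standing in for the site's user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT, email TEXT, gallery_id INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "alice@example.test", 1),
        ("bob", "bob@example.test", 1),
        ("carol", "carol@example.test", 2),
    ])
    return db

def export_vulnerable(db, params):
    """Flawed pattern: no capability check, value concatenated into SQL."""
    name = params.get(PARAM, "")
    sql = ("SELECT login, email FROM users "
           "WHERE gallery_id = 1 AND login = '" + name + "'")
    return db.execute(sql).fetchall()

def export_hardened(db, params, caps):
    """Corrected pattern: capability check first, then a bound parameter."""
    if "manage_options" not in caps:  # WordPress administrator capability
        raise PermissionError("user export requires manage_options")
    name = params.get(PARAM, "")
    sql = "SELECT login, email FROM users WHERE gallery_id = 1 AND login = ?"
    return db.execute(sql, (name,)).fetchall()

def demo():
    """Run both handlers on a normal and a quote-bearing value (constructed)."""
    db = make_db()
    normal = {PARAM: "alice"}
    crafted = {PARAM: "x' OR '1'='1"}
    return {
        "vulnerable_normal": export_vulnerable(db, normal),
        "vulnerable_crafted": export_vulnerable(db, crafted),
        "hardened_normal": export_hardened(db, normal, {"manage_options"}),
        "hardened_crafted": export_hardened(db, crafted, {"manage_options"}),
    }

if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

In the flawed handler the quote-bearing value rewrites the WHERE clause and every user row is returned; in the hardened handler the same value is compared as a literal string and matches nothing.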
Possible Effects
Exploiting this vulnerability could lead to:
- Unauthorized access to sensitive user information.
- Database manipulation or corruption.
- Compromise of the entire WordPress site.