S4E

CVE-2021-24627 Scanner

Detects 'SQL Injection (SQLi)' vulnerability in G Auto-Hyperlink plugin for WordPress affects v. through 1.0.1.

Short Info


Level

High

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

4 weeks

Scan only one

Domain, IPv4

Toolbox

-

Vulnerability Overview

The vulnerability arises from the plugin's failure to sanitize the 'id' GET parameter before incorporating it into a SQL query. This flaw allows authenticated users to manipulate SQL queries, leading to unauthorized database access.

Vulnerability Details

By exploiting this SQL injection vulnerability, an attacker, authenticated as a low-privileged user, can perform database queries that retrieve, modify, or delete data. The attacker can manipulate the 'id' parameter in the plugin's admin dashboard URL to inject malicious SQL commands.

Possible Effects

Exploitation of this vulnerability could lead to:

  • Unauthorized access to sensitive data stored in the WordPress database.
  • Modification or deletion of data, which could compromise the website's integrity and availability.
  • Escalation of privileges by manipulating the database to grant higher-level access to the attacker.

Why Choose S4E

S4E provides a robust platform for identifying and mitigating vulnerabilities like CVE-2021-24627. By becoming a member, you gain access to:

  • A wide array of vulnerability scanners tailored to detect specific threats.
  • Expert advice on vulnerability remediation and security best practices.
  • Continuous monitoring services to alert you of new vulnerabilities and threats as they emerge. Investing in S4E equips you with the tools to maintain a secure and resilient online presence against evolving cybersecurity challenges.

References

Get started to protecting your Free Full Security Scan