CVE-2021-24627 Scanner
Detects 'SQL Injection (SQLi)' vulnerability in G Auto-Hyperlink plugin for WordPress affects v. through 1.0.1.
Short Info
Level
High
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
4 weeks
Scan only one
Domain, IPv4
Toolbox
-
Vulnerability Overview
The vulnerability arises from the plugin's failure to sanitize the 'id' GET parameter before incorporating it into a SQL query. This flaw allows authenticated users to manipulate SQL queries, leading to unauthorized database access.
Vulnerability Details
By exploiting this SQL injection vulnerability, an attacker, authenticated as a low-privileged user, can perform database queries that retrieve, modify, or delete data. The attacker can manipulate the 'id' parameter in the plugin's admin dashboard URL to inject malicious SQL commands.
Possible Effects
Exploitation of this vulnerability could lead to:
- Unauthorized access to sensitive data stored in the WordPress database.
- Modification or deletion of data, which could compromise the website's integrity and availability.
- Escalation of privileges by manipulating the database to grant higher-level access to the attacker.
Why Choose S4E
S4E provides a robust platform for identifying and mitigating vulnerabilities like CVE-2021-24627. By becoming a member, you gain access to:
- A wide array of vulnerability scanners tailored to detect specific threats.
- Expert advice on vulnerability remediation and security best practices.
- Continuous monitoring services to alert you of new vulnerabilities and threats as they emerge. Investing in S4E equips you with the tools to maintain a secure and resilient online presence against evolving cybersecurity challenges.