S4E

CVE-2021-24791 Scanner

Detects the SQL Injection (SQLi) vulnerability in the Header Footer Code Manager plugin for WordPress, which affects versions before 1.1.14.


Short Info

  • Level: High
  • Single Scan
  • Can be used by: Asset Owner
  • Estimated Time: 10 seconds
  • Time Interval: 4 weeks
  • Scan only one: Domain, IPv4

Vulnerability Overview

CVE-2021-24791 allows authenticated attackers (with admin privileges) to execute SQL injections in the Header Footer Code Manager plugin, potentially leading to data exposure or unauthorized database modifications.

Vulnerability Details

The flaw is found in the handling of the "orderby" and "order" request parameters in the plugin's Snippets admin dashboard. By manipulating these parameters, an attacker can inject and execute arbitrary SQL commands, leading to unauthorized data access or manipulation.
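
SQL placeholders bind values, not column names or the ASC/DESC keyword, so sort parameters such as "orderby" and "order" have to be checked against a fixed allowlist before they reach the query. The following is an added example of that check, not the plugin's own code or its patch; the function name, column names and sample requests are hypothetical.

```php
<?php
// Added example: allowlist validation for ORDER BY inputs.
// The column names below are a hypothetical schema, not the plugin's.
const SORTABLE_COLUMNS = [
    // accepted request value => real column name
    'name'    => 'name',
    'created' => 'created',
    'status'  => 'status',
];

/**
 * Build an ORDER BY clause from request parameters.
 * Anything not in the allowlist falls back to a safe default,
 * so no request-supplied text is ever copied into the SQL string.
 */
function build_order_by(array $request, string $defaultColumn = 'name'): string
{
    $orderby = $request['orderby'] ?? '';
    $order   = $request['order'] ?? '';

    // Reject non-strings (e.g. orderby[]=x) and unknown column names.
    if (is_string($orderby) && array_key_exists($orderby, SORTABLE_COLUMNS)) {
        $column = SORTABLE_COLUMNS[$orderby];
    } else {
        $column = SORTABLE_COLUMNS[$defaultColumn];
    }

    // Direction is one of exactly two literals chosen by the code.
    $direction = (is_string($order) && strtoupper($order) === 'DESC') ? 'DESC' : 'ASC';

    return sprintf('ORDER BY `%s` %s', $column, $direction);
}

// Constructed sample requests: one valid, the rest malformed.
$samples = [
    ['orderby' => 'created', 'order' => 'desc'],
    ['orderby' => 'name, (SELECT 1)', 'order' => 'asc'],
    ['orderby' => 'status', 'order' => 'ASC; --'],
    ['orderby' => ['x'], 'order' => null],
    [],
];
foreach ($samples as $sample) {
    echo json_encode($sample), ' => ', build_order_by($sample), PHP_EOL;
}
```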

Possible Effects

Exploitation of CVE-2021-24791 can lead to:

  • Unauthorized access to sensitive WordPress database information.
  • Modification or deletion of database content, potentially causing website malfunction or data loss.
  • Escalation of privileges within the WordPress environment.

Why Choose S4E

S4E offers robust security solutions to protect WordPress websites from vulnerabilities like CVE-2021-24791. Our platform provides:

  • Advanced scanning tools to detect vulnerabilities swiftly.
  • Expert advice on mitigation and preventive measures.
  • Regular updates and insights on emerging security threats.

Opt for S4E to fortify your WordPress site against sophisticated cyber threats.
