CVE-2021-24791 Scanner
Detects the SQL Injection (SQLi) vulnerability in the Header Footer Code Manager plugin for WordPress, which affects versions before 1.1.14.
Short Info
- Level: High
- Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 4 weeks
- Scan only one: Domain, IPv4
- Toolbox: -
Vulnerability Overview
CVE-2021-24791 allows authenticated attackers (with admin privileges) to perform SQL injection in the Header Footer Code Manager plugin, potentially leading to data exposure or unauthorized database modifications.
Vulnerability Details
The flaw lies in the handling of the "orderby" and "order" request parameters in the plugin's Snippets admin dashboard. By manipulating these parameters, an attacker can inject and execute arbitrary SQL commands, leading to unauthorized data access or manipulation.
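The usual fix for this class of bug, shown as an added example (not the plugin's own code or its actual patch): sort parameters are mapped onto an allow-list instead of being concatenated into the query. The column names and the `safe_order_clause` helper are hypothetical.

```php
<?php
// Added example: generic allow-list handling for sort parameters.
// Column names are hypothetical, not taken from the plugin's schema.
const SORTABLE_COLUMNS = ['name', 'created', 'status'];

/**
 * Build an ORDER BY clause from untrusted request data.
 * Placeholders bind values, not identifiers or keywords, so the column and
 * direction are mapped onto fixed strings instead of being concatenated.
 */
function safe_order_clause(array $request, string $default = 'name'): string
{
    $orderby = $request['orderby'] ?? $default;
    $order   = $request['order'] ?? 'ASC';

    // Arrays (orderby[]=x) and other non-strings fall back to the defaults.
    $orderby = is_string($orderby) ? strtolower($orderby) : $default;
    $order   = is_string($order) ? strtoupper($order) : 'ASC';

    // Strict comparison against the allow-list: no partial or loose matches.
    if (!in_array($orderby, SORTABLE_COLUMNS, true)) {
        $orderby = $default;
    }
    if ($order !== 'ASC' && $order !== 'DESC') {
        $order = 'ASC';
    }
    return "ORDER BY `{$orderby}` {$order}";
}

// Constructed sample requests: one valid, two that must fall back.
$samples = [
    ['orderby' => 'created', 'order' => 'desc'],
    ['orderby' => 'status, 1', 'order' => 'asc'],
    ['orderby' => ['created'], 'order' => 'sideways'],
];
foreach ($samples as $request) {
    echo json_encode($request), ' => ', safe_order_clause($request), PHP_EOL;
}
```

Only the first sample keeps its requested column and direction; the other two resolve to the default column and `ASC` because nothing from the request reaches the SQL string unless it matches a fixed value exactly.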
Possible Effects
Exploitation of CVE-2021-24791 can lead to:
- Unauthorized access to sensitive WordPress database information.
- Modification or deletion of database content, potentially causing website malfunction or data loss.
- Escalation of privileges within the WordPress environment.
Why Choose S4E
S4E offers robust security solutions to protect WordPress websites from vulnerabilities like CVE-2021-24791. Our platform provides:
- Advanced scanning tools to detect vulnerabilities swiftly.
- Expert advice on mitigation and preventive measures.
- Regular updates and insights on emerging security threats.
Opt for S4E to fortify your WordPress site against sophisticated cyber threats.