CVE-2021-24554 Scanner
Detects the 'SQL Injection (SQLi)' vulnerability in the Paytm – Donation Plugin for WordPress, which affects versions through 1.3.2.
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: Domain, IPv4
Toolbox: -
The Paytm – Donation Plugin for WordPress is a plugin designed to facilitate donations through Paytm on a WordPress website. This plugin allows website owners to integrate Paytm donation options into their websites quickly and easily. By utilizing this tool, website owners can improve their ability to collect and manage donations from their audience without the need for extensive coding or development knowledge.
CVE-2021-24554 is an authenticated SQL injection vulnerability in the Paytm – Donation Plugin for WordPress. It arises because the plugin does not sanitize, validate, or escape the id GET parameter. An attacker can exploit this flaw to gain unauthorized access to the website's database through SQL injection.
Exploitation of this vulnerability can lead to the theft of sensitive data such as user login credentials, payment information, and confidential business data. It can also allow attackers to execute malicious code on the website, leading to the defacement of web pages, the installation of malware, or even complete website takeover.
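The root cause described above (an id GET parameter used without sanitization, validation, or escaping) is shown here as an added example next to a hardened handler. This is not the Paytm plugin's source code: the function names, the `example_donations` table, the `example_delete_donation` nonce action, and the choice of a DELETE statement are all assumptions made for illustration.

```php
<?php
// Added illustration: NOT the Paytm plugin's code. The table, nonce action,
// function names and the DELETE operation are hypothetical.

// Vulnerable pattern: the raw id GET parameter is concatenated into the
// statement, so its value can change the structure of the SQL.
function example_delete_donation_unsafe() {
    global $wpdb;
    $table = $wpdb->prefix . 'example_donations'; // hypothetical table
    $wpdb->query( "DELETE FROM {$table} WHERE id = " . $_GET['id'] );
}

// Hardened pattern: authorize, verify intent, validate, then bind.
function example_delete_donation_safe() {
    global $wpdb;

    // Authorization: only administrators may run this admin action.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // Intent: the nonce stops the request being forged from another site.
    check_admin_referer( 'example_delete_donation' ); // hypothetical action

    // Validation: accept the id only if it is a string of decimal digits.
    $raw = isset( $_GET['id'] ) ? wp_unslash( $_GET['id'] ) : '';
    if ( ! is_string( $raw ) || ! ctype_digit( $raw ) ) {
        wp_die( 'Invalid id', '', array( 'response' => 400 ) );
    }
    $id = absint( $raw );

    // Binding: with %d, $wpdb->prepare() formats the value as an integer,
    // so it cannot alter the statement even if validation were bypassed.
    $table = $wpdb->prefix . 'example_donations';
    $wpdb->query(
        $wpdb->prepare( "DELETE FROM {$table} WHERE id = %d", $id )
    );
}
```

The hardened version applies all three controls the plugin lacks, so a single missed check does not reopen the injection.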
Thanks to the pro features of the s4e.io platform, website owners can easily and quickly learn about vulnerabilities in their digital assets. The platform offers a comprehensive suite of features such as vulnerability scanning, incident response, and managed security services that help organizations stay one step ahead of cyber threats. By utilizing these powerful tools, website owners can ensure the security and reliability of their digital assets and eliminate the risk of vulnerabilities like CVE-2021-24554.