S4E

CVE-2021-24731 Scanner

Detects the 'SQL Injection (SQLi)' vulnerability in the Pie Register plugin for WordPress, which affects versions before 3.7.1.6.

Short Info

  • Level: Critical
  • Single Scan: Single Scan
  • Can be used by: Asset Owner
  • Estimated Time: 10 seconds
  • Time Interval: 4 weeks
  • Scan only one: Domain, IPv4
  • Toolbox: -

Vulnerability Overview

CVE-2021-24731 represents a significant risk as it allows unauthenticated attackers to perform SQL injections via the affected REST API endpoint, potentially leading to unauthorized access, data leakage, or manipulation.

Vulnerability Details

The vulnerability stems from the plugin's handling of the user_login parameter in the wp-json/pie/v1/login endpoint. By exploiting this flaw, attackers can execute arbitrary SQL commands in the context of the website's database, which could compromise the site's integrity and data security.

Possible Effects

Exploitation of CVE-2021-24731 could result in:

  • Unauthorized access to sensitive database contents.
  • Manipulation or deletion of website data.
  • Disclosure of confidential information, potentially affecting both the site's operators and its users.

Why Choose S4E

S4E provides an all-encompassing approach to securing WordPress websites. By joining our platform, you gain:

  • Advanced scanning tools to detect vulnerabilities like CVE-2021-24731 in real time.
  • Expert recommendations for vulnerability remediation and prevention.
  • Continuous monitoring to keep your site safeguarded against new and evolving threats.

Opt for S4E and elevate your website's security posture today.
