CVE-2021-24666 Scanner
Detects an SQL Injection (SQLi) vulnerability in the Podlove Podcast Publisher plugin for WordPress, affecting versions before 3.5.6.
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Url
Toolbox: -
Vulnerability Overview
CVE-2021-24666 allows unauthenticated attackers to perform SQL injections through vulnerable REST routes provided by the Social & Donations module in the Podlove Podcast Publisher plugin, potentially leading to sensitive data exposure or unauthorized database modifications.
Vulnerability Details
The vulnerability originates from the plugin's failure to properly sanitize the 'id' and 'category' parameters in the /services/contributor/(?P<id>[\d]+) REST route. An attacker can exploit this flaw to execute arbitrary SQL commands, leading to unauthorized access to the database or manipulation of its contents.
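The following is an added illustration, not code from the Podlove plugin or from S4E: a hypothetical WordPress REST route (the `demo/v1` namespace, the `demo_contributors` table and the `demo_contributor_*` callbacks are assumptions) that takes a numeric 'id' from the URL and a 'category' parameter, shown first as the unsafe pattern the advisory describes (request values concatenated into SQL) and then hardened with route-level argument validation and `$wpdb->prepare()`.

```php
<?php
// Unsafe pattern (hypothetical): request values are interpolated straight into
// SQL, so the query text depends on caller-controlled input.
function demo_contributor_unsafe( WP_REST_Request $request ) {
    global $wpdb;
    $id       = $request['id'];
    $category = $request['category'];
    $sql = "SELECT * FROM {$wpdb->prefix}demo_contributors "
         . "WHERE id = $id AND category = '$category'";
    return rest_ensure_response( $wpdb->get_results( $sql ) );
}

// Hardened pattern: types are enforced at the route boundary and the query is
// built with $wpdb->prepare(), so values are always bound as data, never as SQL.
function demo_contributor_safe( WP_REST_Request $request ) {
    global $wpdb;
    $id       = absint( $request['id'] );
    $category = sanitize_key( (string) $request['category'] );
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}demo_contributors WHERE id = %d AND category = %s",
        $id,
        $category
    );
    return rest_ensure_response( $wpdb->get_results( $sql ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'demo/v1', '/services/contributor/(?P<id>[\d]+)', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'demo_contributor_safe',
        // Reject the request before the callback runs if a parameter does not
        // have the expected shape; this is the sanitization the advisory says was missing.
        'args'                => array(
            'id' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) { return is_numeric( $value ); },
                'sanitize_callback' => 'absint',
            ),
            'category' => array(
                'required'          => false,
                'validate_callback' => function ( $value ) { return is_string( $value ) && preg_match( '/^[a-z0-9_-]+$/', $value ); },
                'sanitize_callback' => 'sanitize_key',
            ),
        ),
        // The advisory concerns unauthenticated access; require a capability unless the data is genuinely public.
        'permission_callback' => function () { return current_user_can( 'read' ); },
    ) );
} );
```

Patching to 3.5.6 or later is the fix for the real plugin; the hardened route above shows the two controls (boundary validation plus prepared statements) that a defender should expect to see in any REST handler that touches the database.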
Possible Effects
If exploited, CVE-2021-24666 could result in:
- Unauthorized access to sensitive information stored in the WordPress database.
- Modification or deletion of critical data leading to website defacement or downtime.
- Potential escalation of privileges allowing further exploitation of the WordPress site.
Why Choose S4E
S4E offers comprehensive vulnerability scanning solutions tailored to WordPress and its ecosystem. By subscribing to our services, users benefit from:
- Real-time detection of emerging vulnerabilities like CVE-2021-24666.
- Expert guidance on implementing effective security measures.
- Access to a suite of tools designed to enhance website security posture.
Join S4E today and safeguard your WordPress site against critical vulnerabilities and cyber threats.