CVE-2021-24849 Scanner
Detects the SQL Injection (SQLi) vulnerability in the WCFM WooCommerce Multivendor Marketplace plugin for WordPress; affects versions before 3.4.12.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 672 sec
Scan only one: Domain, IPv4
Toolbox: -
Vulnerability Overview:
- CVE Identifier: CVE-2021-24849
- Vulnerable Component: WCFM WooCommerce Multivendor Marketplace plugin for WordPress (versions before 3.4.12)
- Parameters Affected: Multiple parameters of the wcfm_ajax_controller AJAX action (transaction_id among them)
- Issue: Insufficient sanitization and escaping of user input used in SQL statements, leading to SQL Injection
Vulnerability Details:
The vulnerability arises from the plugin's failure to sanitize and escape user-supplied input before using it in SQL queries. The vulnerable code is reached through the plugin's wcfm_ajax_controller AJAX action, which WordPress exposes via wp-admin/admin-ajax.php, so an attacker can inject SQL through request parameters such as transaction_id (among others). The action is available to both unauthenticated and authenticated users, meaning no account on the site is required. The issue is fixed in version 3.4.12; sites running an earlier version should update.
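The pattern behind this class of bug, shown here as an added example that is not the plugin's code or S4E's scanner logic: a query that splices a request parameter such as transaction_id straight into SQL text, beside the parameterized form that fixes it. The withdrawals table, its columns and the sample rows are constructed for the demonstration and are not the plugin's schema; SQLite stands in for MySQL.

```python
import sqlite3

# Constructed sample data: a toy "withdrawals" table standing in for whatever
# the plugin queries. Table and column names are assumptions for illustration,
# not the plugin's real schema.
ROWS = [
    (1, "TXN-1001", "vendor_a", 120.00, "pending"),
    (2, "TXN-1002", "vendor_b", 80.50, "completed"),
    (3, "TXN-1003", "vendor_a", 42.00, "cancelled"),
]


def build_db():
    """In-memory SQLite database loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE withdrawals ("
        "id INTEGER, transaction_id TEXT, vendor TEXT, amount REAL, status TEXT)"
    )
    conn.executemany("INSERT INTO withdrawals VALUES (?, ?, ?, ?, ?)", ROWS)
    return conn


def filter_vulnerable(conn, transaction_id):
    """Vulnerable pattern: the request parameter is spliced into the SQL text.

    A quote in the input terminates the string literal, so the rest of the
    input is parsed as SQL and can change the shape of the query."""
    sql = f"SELECT id FROM withdrawals WHERE transaction_id = '{transaction_id}'"
    return sorted(row[0] for row in conn.execute(sql))


def filter_hardened(conn, transaction_id):
    """Hardened pattern: a parameterized query. The driver passes the value as
    data, so quotes and keywords in it can never alter the query structure.
    In a WordPress plugin the equivalent is $wpdb->prepare()."""
    sql = "SELECT id FROM withdrawals WHERE transaction_id = ?"
    return sorted(row[0] for row in conn.execute(sql, (transaction_id,)))


def demo():
    """Run both versions against a benign value and two injection payloads."""
    conn = build_db()
    benign = "TXN-1002"
    # Tautology payload: turns the WHERE clause into ... = 'x' OR '1'='1'
    tautology = "x' OR '1'='1"
    # UNION payload: pulls a column from another query; the trailing -- comments
    # out the closing quote the vulnerable code appends.
    union = "x' UNION SELECT vendor FROM withdrawals--"
    return {
        "vulnerable_benign": filter_vulnerable(conn, benign),
        "vulnerable_tautology": filter_vulnerable(conn, tautology),
        "vulnerable_union": filter_vulnerable(conn, union),
        "hardened_benign": filter_hardened(conn, benign),
        "hardened_tautology": filter_hardened(conn, tautology),
        "hardened_union": filter_hardened(conn, union),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22s} -> {result}")
```

Against the vulnerable function the tautology payload returns every row and the UNION payload returns vendor names the caller never asked for; the parameterized function treats both payloads as literal transaction IDs and matches nothing. For parameters that are always numeric, casting with absint() or intval() before use is a second valid defence, but parameterization covers string filters as well, which is what this advisory describes.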
Possible Effects:
Exploiting this vulnerability could allow an attacker to run attacker-controlled SQL against the WordPress database: reading sensitive information such as user, vendor and order data, modifying or deleting database entries, and potentially compromising the WordPress site as a whole. Because the AJAX action is reachable without authentication, this could lead to data breaches and unauthorized administrative operations by anyone who can reach the site.
Why Choose S4E:
S4E provides comprehensive vulnerability scanning solutions tailored to your security needs. By choosing S4E, you benefit from:
- Continuous Monitoring: Stay ahead of threats with real-time alerts and updates.
- Expert Support: Gain access to cybersecurity experts for guidance on vulnerability mitigation.
- Customizable Scans: Tailor scans to fit the specific needs of your organization, ensuring thorough coverage and protection.