CVE-2021-24340 Scanner
CVE-2021-24340 scanner - SQL Injection (SQLi) vulnerability in WP Statistics plugin for WordPress
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: URL
Toolbox: -
WP Statistics plugin for WordPress is a popular analytics tool used by website administrators to keep track of their website's traffic. This plugin allows users to monitor the number of visitors, page views, and referrals their website receives. It also enables users to monitor any changes in their website's traffic patterns and helps them make informed decisions about their website's future.
The CVE-2021-24340 vulnerability was detected in the WP Statistics plugin for WordPress. The plugin relied on the WordPress esc_sql() function to sanitize a field that was not delimited by quotes in the query, and the query was not prepared before use. Additionally, the affected page, which should have been accessible only to administrators, was available to every visitor, including unauthenticated users.
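The weakness described above, shown as an added example that is not the plugin's code: a quote-escaping helper (a simplified stand-in for esc_sql(), assumed here) applied to an unquoted numeric field, next to a validated, parameterized query. It uses Python with an in-memory SQLite database; the table, column and function names are hypothetical and the data is constructed.

```python
import sqlite3

def escape_quotes(value: str) -> str:
    # Simplified stand-in for an escaping helper such as esc_sql():
    # it neutralises the string delimiter and nothing else.
    return value.replace("'", "''")

def make_db() -> sqlite3.Connection:
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(1, "home"), (2, "about"), (3, "private-draft")])
    return db

def lookup_escaped_unquoted(db: sqlite3.Connection, page_id: str) -> list:
    # Weak pattern: the escaped value is concatenated into a numeric slot
    # with no surrounding quotes, so there is no delimiter to break out of
    # and the escaping leaves the input unchanged.
    sql = "SELECT title FROM pages WHERE id = " + escape_quotes(page_id)
    return [row[0] for row in db.execute(sql)]

def lookup_prepared(db: sqlite3.Connection, page_id: str) -> list:
    # Hardened pattern: enforce the expected type, then bind the value as a
    # parameter so it can never be parsed as SQL syntax.
    try:
        numeric_id = int(page_id)
    except ValueError:
        return []
    rows = db.execute("SELECT title FROM pages WHERE id = ?", (numeric_id,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input; contains no quote characters
    print(lookup_escaped_unquoted(db, "1"))      # single expected row
    print(lookup_escaped_unquoted(db, crafted))  # filter no longer applies
    print(lookup_prepared(db, crafted))          # rejected before the query
```

In WordPress code the corresponding fix is to cast or validate the value and pass it through $wpdb->prepare() with a %d placeholder, alongside a capability check on the page.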
When exploited, this vulnerability could lead to attackers gaining unauthorized access to sensitive information. An attacker could use this vulnerability to execute arbitrary SQL queries on the targeted website's database. This could result in a complete compromise of the website's database, including personal information, login credentials, and transaction data. The attacker could also use this vulnerability to modify or delete data from the database, leading to a loss of data integrity.
Those who read this article can easily and quickly learn about vulnerabilities in their digital assets through the pro features of the s4e.io platform. With this platform, website administrators can perform vulnerability scans and receive reports on any vulnerabilities detected on their website. This can help them stay on top of any potential security risks and ensure the safety of their website and customers' data.