Security for everyone

CVE-2021-24915 Scanner

Detects the SQL Injection (SQLi) vulnerability in the Contest Gallery plugin for WordPress, which affects versions before 13.1.0.6.


Short Info

  • Level: Critical
  • Single Scan: Single Scan
  • Can be used by: Asset Owner
  • Estimated Time: 10 sec
  • Scan only one: Domain, Ipv4
  • Toolbox: -

Vulnerability Overview

CVE-2021-24915 allows attackers to perform SQL injections to access or manipulate the database. This can lead to unauthorized disclosure of all registered users' usernames and email addresses on the affected WordPress site.

Vulnerability Details

The flaw is present in the functionality that handles user exports from galleries. By manipulating the 'cg-search-user-name-original' parameter, attackers can inject arbitrary SQL commands, which are executed by the plugin without proper sanitization or capability checks, leading to potential data breaches.
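The two gaps named above, missing capability check and unsanitized input, shown as a vulnerable pattern beside a hardened one. This is an added illustration for WordPress, not Contest Gallery's code: the function names, hook, nonce names, query shape and the use of POST are assumptions, and only the parameter name comes from the description above.

```php
<?php
// Added illustration, NOT Contest Gallery source code. Function names, the
// hook, nonce names and the query shape are hypothetical; only the parameter
// name 'cg-search-user-name-original' comes from the description above.
// Delivery via POST is an assumption. Runs inside WordPress (uses $wpdb).

// --- Vulnerable pattern: no capability check, input concatenated into SQL ---
function example_export_users_vulnerable() {
    global $wpdb;
    $name = $_POST['cg-search-user-name-original']; // attacker-controlled
    $sql  = "SELECT user_login, user_email FROM {$wpdb->users} "
          . "WHERE user_login LIKE '%" . $name . "%'";
    return $wpdb->get_results( $sql ); // the input is parsed as part of the SQL
}

// --- Hardened pattern: authorize, verify the nonce, bind the value ---
function example_export_users_hardened() {
    global $wpdb;

    // 1. Capability check: only users allowed to list users may export them.
    if ( ! current_user_can( 'list_users' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // 2. CSRF protection (hypothetical action and field names).
    check_admin_referer( 'example_export_users', 'example_nonce' );

    // 3. Read the parameter as plain text.
    $raw  = isset( $_POST['cg-search-user-name-original'] )
        ? wp_unslash( $_POST['cg-search-user-name-original'] )
        : '';
    $name = sanitize_text_field( $raw );

    // 4. Escape LIKE wildcards, then pass the value through a placeholder so
    //    it is always treated as data and never as SQL syntax.
    $like = '%' . $wpdb->esc_like( $name ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT user_login, user_email FROM {$wpdb->users} WHERE user_login LIKE %s",
        $like
    );
    return $wpdb->get_results( $sql );
}

// Register only the hardened handler (hypothetical admin-post action).
add_action( 'admin_post_example_export_users', 'example_export_users_hardened' );
```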

Possible Effects

Exploiting this vulnerability could lead to:

  • Unauthorized access to sensitive user information.
  • Database manipulation or corruption.
  • Compromise of the entire WordPress site.

Why Choose SecurityForEveryone

SecurityForEveryone provides comprehensive security solutions tailored to your needs. By leveraging our advanced scanning tools and expertise, you benefit from:

  • Real-time vulnerability detection and notifications.
  • Expert guidance on remediation and security best practices.
  • Enhanced protection against emerging threats and vulnerabilities.

Join SecurityForEveryone today and fortify your digital assets against sophisticated cyber threats.
