Security for everyone

CVE-2021-24915 Scanner

Detects 'SQL Injection (SQLi)' vulnerability in Contest Gallery plugin for WordPress affects v. before 13.1.0.6.

SCAN NOW

Short Info


Level

Critical

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

CVE-2021-24915 Scanner Detail

Vulnerability Overview

CVE-2021-24915 allows attackers to perform SQL injections to access or manipulate the database. This can lead to unauthorized disclosure of all registered users' usernames and email addresses on the affected WordPress site.

Vulnerability Details

The flaw is present in the functionality that handles user exports from galleries. By manipulating the 'cg-search-user-name-original' parameter, attackers can inject arbitrary SQL commands, which are executed by the plugin without proper sanitization or capability checks, leading to potential data breaches.

Possible Effects

Exploiting this vulnerability could lead to:

  • Unauthorized access to sensitive user information.
  • Database manipulation or corruption.
  • Compromise of the entire WordPress site.

Why Choose SecurityForEveryone

SecurityForEveryone provides comprehensive security solutions tailored to your needs. By leveraging our advanced scanning tools and expertise, you benefit from:

  • Real-time vulnerability detection and notifications.
  • Expert guidance on remediation and security best practices.
  • Enhanced protection against emerging threats and vulnerabilities. Join SecurityForEveryone today and fortify your digital assets against sophisticated cyber threats.

References

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture