Security for everyone

CVE-2021-24791 Scanner

Detects 'SQL Injection (SQLi)' vulnerability in Header Footer Code Manager plugin for WordPress affects v. before 1.1.14.

SCAN NOW

Short Info


Level

High

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

CVE-2021-24791 Scanner Detail

Vulnerability Overview

CVE-2021-24791 allows authenticated attackers (with admin privileges) to execute SQL injections in the Header Footer Code Manager plugin, potentially leading to data exposure or unauthorized database modifications.

Vulnerability Details

The flaw is found in the handling of the "orderby" and "order" request parameters in the plugin's Snippets admin dashboard. By manipulating these parameters, an attacker can inject and execute arbitrary SQL commands, leading to unauthorized data access or manipulation.

Possible Effects

Exploitation of CVE-2021-24791 can lead to:

  • Unauthorized access to sensitive WordPress database information.
  • Modification or deletion of database content, potentially causing website malfunction or data loss.
  • Escalation of privileges within the WordPress environment.

Why Choose SecurityForEveryone

SecurityForEveryone offers robust security solutions to protect WordPress websites from vulnerabilities like CVE-2021-24791. Our platform provides:

  • Advanced scanning tools to detect vulnerabilities swiftly.
  • Expert advice on mitigation and preventive measures.
  • Regular updates and insights on emerging security threats. Opt for SecurityForEveryone to fortify your WordPress site against sophisticated cyber threats.

References

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture