Security for everyone

CVE-2021-24666 Scanner

Detects 'SQL Injection (SQLi)' vulnerability in Podlove Podcast Publisher plugin for WordPress affects v. before 3.5.6.

SCAN NOW

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Source

-

Vulnerability Overview

CVE-2021-24666 allows unauthenticated attackers to perform SQL injections through vulnerable REST routes provided by the Social & Donations module in the Podlove Podcast Publisher plugin, potentially leading to sensitive data exposure or unauthorized database modifications.

Vulnerability Details

The vulnerability originates from the plugin's inability to properly sanitize the 'id' and 'category' parameters in the /services/contributor/(?P<id>[\d]+) REST route. An attacker can exploit this flaw to execute arbitrary SQL commands, leading to unauthorized access to the database or manipulation of its contents.

Possible Effects

If exploited, CVE-2021-24666 could result in:

  • Unauthorized access to sensitive information stored in the WordPress database.
  • Modification or deletion of critical data leading to website defacement or downtime.
  • Potential escalation of privileges allowing further exploitation of the WordPress site.

Why Choose SecurityForEveryone

SecurityForEveryone offers comprehensive vulnerability scanning solutions tailored to WordPress and its ecosystem. By subscribing to our services, users benefit from:

  • Real-time detection of emerging vulnerabilities like CVE-2021-24666.
  • Expert guidance on implementing effective security measures.
  • Access to a suite of tools designed to enhance website security posture. Join SecurityForEveryone today and safeguard your WordPress site against critical vulnerabilities and cyber threats.

References

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture