Security for everyone

CVE-2021-24666 Scanner

Detects the 'SQL Injection (SQLi)' vulnerability in the Podlove Podcast Publisher plugin for WordPress, affecting versions before 3.5.6.

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: URL
Toolbox: -

Vulnerability Overview

CVE-2021-24666 allows unauthenticated attackers to perform SQL injection through vulnerable REST routes provided by the Social & Donations module of the Podlove Podcast Publisher plugin, potentially leading to sensitive data exposure or unauthorized database modifications.

Vulnerability Details

The vulnerability originates from the plugin's failure to properly sanitize the 'id' and 'category' parameters in the /services/contributor/(?P<id>[\d]+) REST route before they reach the database query. An attacker can exploit this flaw to execute arbitrary SQL commands, leading to unauthorized access to the database or manipulation of its contents.
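The root cause described above is untrusted REST parameters reaching a SQL query without validation or parameterization. The following is an added example, not Podlove's own code: a generic WordPress REST route with the same shape (a numeric `id` in the path and an optional `category` parameter) written the hardened way, using the route's `args` schema to validate and sanitize input and `$wpdb->prepare()` with placeholders for the query. The namespace `example/v1`, the function `example_get_contributor`, the table `example_contributor_services` and its columns, and the `category` allow-list are all assumptions for illustration.

```php
<?php
// Added example (not Podlove's own code): a WordPress REST route that accepts a
// numeric `id` and an optional `category` and queries the database safely.
// Namespace, callback name, table and column names are hypothetical.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/contributor/(?P<id>[\d]+)', array(
        'methods'             => 'GET',
        'callback'            => 'example_get_contributor',
        'permission_callback' => '__return_true', // public read endpoint; tighten if the data is not public
        'args'                => array(
            'id' => array(
                'required'          => true,
                // Reject anything that is not a positive integer before the callback runs.
                'validate_callback' => function ( $value ) {
                    return is_numeric( $value ) && (int) $value > 0;
                },
                'sanitize_callback' => 'absint',
            ),
            'category' => array(
                'required'          => false,
                // Restrict to a known allow-list instead of trusting free text.
                'validate_callback' => function ( $value ) {
                    return in_array( $value, array( 'social', 'donation' ), true );
                },
                'sanitize_callback' => 'sanitize_key',
            ),
        ),
    ) );
} );

function example_get_contributor( WP_REST_Request $request ) {
    global $wpdb;

    $id       = (int) $request['id'];
    $category = $request->get_param( 'category' );

    // The weak pattern the CVE text describes is concatenating the raw parameter
    // into the SQL string, e.g. "... WHERE contributor_id = " . $request['id'],
    // which lets a crafted value change the query. Use placeholders instead:
    // %d for integers, %s for strings. The table name comes from $wpdb->prefix,
    // not from user input, so interpolating it is safe.
    $table = $wpdb->prefix . 'example_contributor_services'; // hypothetical table

    if ( $category ) {
        $sql = $wpdb->prepare(
            "SELECT id, service, value FROM {$table} WHERE contributor_id = %d AND category = %s",
            $id,
            $category
        );
    } else {
        $sql = $wpdb->prepare(
            "SELECT id, service, value FROM {$table} WHERE contributor_id = %d",
            $id
        );
    }

    $rows = $wpdb->get_results( $sql, ARRAY_A );
    if ( null === $rows ) {
        // $wpdb returns null on a failed query; surface it as a 500 rather than silently returning nothing.
        return new WP_Error( 'db_query_failed', 'Query failed', array( 'status' => 500 ) );
    }

    return rest_ensure_response( $rows );
}
```

Two layers matter here: the `args` schema stops malformed values at the REST layer (the request is rejected with a 400 before the callback runs), and `$wpdb->prepare()` ensures that even a value which passes validation is bound as data rather than interpreted as SQL. When reviewing a plugin for this class of bug, look for REST callbacks that read `$request` parameters and build queries with string concatenation or `sprintf()` instead of `$wpdb->prepare()`.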

Possible Effects

If exploited, CVE-2021-24666 could result in:

  • Unauthorized access to sensitive information stored in the WordPress database.
  • Modification or deletion of critical data leading to website defacement or downtime.
  • Potential escalation of privileges allowing further exploitation of the WordPress site.

Why Choose SecurityForEveryone

SecurityForEveryone offers comprehensive vulnerability scanning solutions tailored to WordPress and its ecosystem. By subscribing to our services, users benefit from:

  • Real-time detection of emerging vulnerabilities like CVE-2021-24666.
  • Expert guidance on implementing effective security measures.
  • Access to a suite of tools designed to enhance website security posture.

Join SecurityForEveryone today and safeguard your WordPress site against critical vulnerabilities and cyber threats.
