Security for everyone

CVE-2021-24849 Scanner

Detects 'SQL Injection (SQLi)' vulnerability in WCFM WooCommerce Multivendor Marketplace plugin for WordPress affects v. before 3.4.12.


Short Info




Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

CVE-2021-24849 Scanner Detail

Vulnerability Overview:

  • CVE Identifier: CVE-2021-24849
  • Vulnerable Component: WCFM WooCommerce Multivendor Marketplace plugin
  • Parameters Affected: Multiple parameters in the wcfm_ajax_controller AJAX action
  • Issue: Insufficient sanitization leading to SQL Injection

Vulnerability Details:

The vulnerability arises from the plugin's failure to adequately sanitize user-supplied input before using it in SQL queries. This oversight makes it possible for attackers to manipulate SQL queries by injecting malicious SQL code through the plugin’s AJAX action wcfm_ajax_controller. The affected parameters include transaction_id, among others, which can be exploited by both unauthenticated and authenticated users.

Possible Effects:

Exploiting this vulnerability could allow attackers to gain unauthorized access to the database, retrieve sensitive information, modify database entries, and potentially compromise the WordPress site. This could lead to data breaches, identity theft, and unauthorized administrative operations.

Why Choose SecurityForEveryone:

SecurityForEveryone (S4E) provides comprehensive vulnerability scanning solutions tailored to your security needs. By choosing S4E, you benefit from:

  • Continuous Monitoring: Stay ahead of threats with real-time alerts and updates.
  • Expert Support: Gain access to cybersecurity experts for guidance on vulnerability mitigation.
  • Customizable Scans: Tailor scans to fit the specific needs of your organization, ensuring thorough coverage and protection.


cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture