Security for everyone

CVE-2021-24849 Scanner

Detects the SQL Injection (SQLi) vulnerability in the WCFM WooCommerce Multivendor Marketplace plugin for WordPress, which affects versions before 3.4.12.


Short Info

  • Level: Critical
  • Single Scan
  • Can be used by: Asset Owner
  • Estimated Time: 10 sec
  • Scan only one: Domain, IPv4
  • Toolbox: -

Vulnerability Overview:

  • CVE Identifier: CVE-2021-24849
  • Vulnerable Component: WCFM WooCommerce Multivendor Marketplace plugin
  • Parameters Affected: Multiple parameters in the wcfm_ajax_controller AJAX action
  • Issue: Insufficient sanitization leading to SQL Injection

Vulnerability Details:

The vulnerability arises from the plugin's failure to adequately sanitize user-supplied input before using it in SQL queries. This oversight lets an attacker alter the structure of those queries by injecting SQL syntax through the plugin's AJAX action wcfm_ajax_controller. The affected parameters include transaction_id, among others, and the action is reachable by both unauthenticated and authenticated users.
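Two defender-side checks for the issue described above, added here as an example and not part of the S4E scanner or the WCFM plugin: a version comparison against the fixed release 3.4.12 named at the top of the page, and a log filter that flags requests to the wcfm_ajax_controller action whose parameters carry SQL syntax. It assumes the action is reached through WordPress's standard /wp-admin/admin-ajax.php endpoint and that the access log uses the common Apache/Nginx format; the log lines are constructed.

```python
# Added example, not code from the page or the WCFM plugin.
# Assumes the WordPress AJAX endpoint /wp-admin/admin-ajax.php and
# common-format access-log lines; sample lines below are constructed.
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

FIXED_VERSION = (3, 4, 12)   # first release the page reports as fixed

def is_vulnerable_version(version: str) -> bool:
    """True if the installed plugin version sorts before 3.4.12."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    parts += (0,) * (3 - len(parts))        # pad "3.4" -> (3, 4, 0)
    return parts < FIXED_VERSION

# SQL syntax that never belongs in a numeric transaction id
SQLI_MARKERS = re.compile(r"(['\"]|--|/\*|\bunion\b|\bselect\b|\bsleep\s*\()", re.I)
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def flag_wcfm_sqli(line: str):
    """Return (parameter, decoded value) for a suspicious wcfm_ajax_controller
    request in one access-log line, or None if the line looks benign."""
    m = LOG_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)   # values are URL-decoded
    if "wcfm_ajax_controller" not in params.get("action", []):
        return None
    for name, values in params.items():
        for value in values:
            if SQLI_MARKERS.search(unquote_plus(value)):   # catch double encoding
                return name, value
    return None

# Constructed sample log lines (not real traffic)
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Oct/2021:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=wcfm_ajax_controller&transaction_id=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Oct/2021:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=wcfm_ajax_controller&transaction_id=42%27%20OR%201%3D1-- HTTP/1.1" 200 8192',
    '203.0.113.7 - - [01/Oct/2021:10:00:03 +0000] "GET /shop/?s=boots%27 HTTP/1.1" 200 2048',
]

def scan_log(lines):
    """Index and finding for every flagged line."""
    return [(i, hit) for i, l in enumerate(lines) if (hit := flag_wcfm_sqli(l))]

if __name__ == "__main__":
    print(is_vulnerable_version("3.4.11"))
    print(scan_log(SAMPLE_LOG))
```

Parameters sent in a POST body do not appear in access logs, so the log filter only covers query-string requests; pair it with the version check and the vendor's update to 3.4.12 or later.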

Possible Effects:

Exploiting this vulnerability could allow attackers to gain unauthorized access to the database, retrieve sensitive information, modify database entries, and potentially compromise the WordPress site. This could lead to data breaches, identity theft, and unauthorized administrative operations.

Why Choose SecurityForEveryone:

SecurityForEveryone (S4E) provides comprehensive vulnerability scanning solutions tailored to your security needs. By choosing S4E, you benefit from:

  • Continuous Monitoring: Stay ahead of threats with real-time alerts and updates.
  • Expert Support: Gain access to cybersecurity experts for guidance on vulnerability mitigation.
  • Customizable Scans: Tailor scans to fit the specific needs of your organization, ensuring thorough coverage and protection.
