WordPress Plugin WP Statistics 13.0-.7 - Unauthenticated Time-Based Blind SQL Injection CVE-2021-24340 Scanner

Details
  • Asset Type: DOMAIN,IP,URL
  • Need Membership: Yes
  • Asset Verify: Yes
  • API Support: Yes
  • Estimate Time (Second): 10

WordPress Plugin WP Statistics 13.0-.7 - Unauthenticated Time-Based Blind SQL Injection CVE-2021-24340 Scanner Detail

WordPress Plugin WP Statistics 13.0-.7 is vulnerable to SQL injection.

The WP Statistics WordPress plugin before 13.0.8 relied on the WordPress esc_sql() function for a field that was not delimited by quotes, and did not first prepare the query. Because esc_sql() only escapes characters that matter inside a quoted string, it does not protect a value placed in the query without quotes. Additionally, the page, which should have been accessible to administrators only, was also available to any visitor, including unauthenticated ones.
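The weakness described above, modelled as an added example in Python with SQLite; it is not the plugin's code. The `pages` table, the function names and the input strings are constructed for illustration, and `esc_sql_model()` is a simplified stand-in for string-literal escaping adapted to SQLite's quoting rules.

```python
import re
import sqlite3

# Constructed inputs: neither is taken from the plugin or from a real request.
UNQUOTED_INPUT = "1 OR 1=1"      # contains no quote characters at all
QUOTED_INPUT = "x' OR '1'='1"    # tries to break out of a string literal


def esc_sql_model(value: str) -> str:
    """Stand-in for string escaping: neutralises quotes, nothing else."""
    return value.replace("'", "''")


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [(1, "home"), (2, "about"), (3, "drafts")])
    return db


def lookup_quoted(db, title: str) -> list:
    # Escaping is adequate here: the value stays inside the quotes.
    sql = "SELECT title FROM pages WHERE title = '" + esc_sql_model(title) + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_unquoted(db, page_id: str) -> list:
    # Weak: the value is escaped but sits in a numeric position without
    # quotes, so anything after the number is parsed as SQL.
    sql = "SELECT title FROM pages WHERE id = " + esc_sql_model(page_id)
    return [row[0] for row in db.execute(sql)]


def lookup_prepared(db, page_id: str) -> list:
    # Corrected: enforce the expected type, then bind the value as a parameter.
    if not re.fullmatch(r"[0-9]+", page_id):
        raise ValueError("page_id must be a non-negative integer")
    sql = "SELECT title FROM pages WHERE id = ?"
    return [row[0] for row in db.execute(sql, (int(page_id),))]


if __name__ == "__main__":
    db = make_db()
    print("quoted   :", lookup_quoted(db, QUOTED_INPUT))
    print("unquoted :", lookup_unquoted(db, UNQUOTED_INPUT))
    try:
        lookup_prepared(db, UNQUOTED_INPUT)
    except ValueError as exc:
        print("prepared : rejected -", exc)
```

The escaped-but-unquoted query returns every row, while the quoted query and the type-checked, parameterised query do not leak anything beyond the intended lookup.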

Some Advice for Common Problems

  • Apply the related fixes; the issue affects WP Statistics versions before 13.0.8.
  • Sanitize all parameters received as input from the user.
