Security for everyone

CVE-2021-24862 Scanner

Detects the 'SQL Injection (SQLi)' vulnerability in the RegistrationMagic plugin for WordPress, which affects versions before 5.0.1.6.


Short Info

  • Level: High
  • Single Scan: Single Scan
  • Can be used by: Asset Owner
  • Estimated Time: 10 sec
  • Scan only one: Domain, IPv4
  • Toolbox: -

Vulnerability Overview

CVE-2021-24862 exposes WordPress sites to SQL injection attacks via the RegistrationMagic plugin. It specifically impacts the functionality related to duplicating tasks in batches, where user input is not properly sanitized before being used in SQL queries.

Vulnerability Details

The issue is found in the 'rm_chronos_ajax' AJAX action, where parameters related to task duplication are not adequately escaped. This flaw allows authenticated users, especially those with administrative access, to inject arbitrary SQL commands, potentially leading to data breaches or unauthorized administrative actions.
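For asset owners who want to confirm exposure from the installed files, the following added example (not code from the scanner or the plugin) reads the `Version:` field of a WordPress plugin header and compares it numerically against 5.0.1.6, the boundary this page gives for affected versions. The sample header and the function names are constructed for illustration.

```python
import re

FIXED_IN = "5.0.1.6"  # versions before this are affected, per this page

# WordPress reads plugin metadata from a comment block at the top of the
# plugin's main PHP file; the field of interest is "Version:".
_HEADER_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)",
                        re.IGNORECASE | re.MULTILINE)


def parse_plugin_version(php_source):
    """Return the Version header value from plugin source text, or None."""
    match = _HEADER_RE.search(php_source[:8192])  # header sits near the top
    return match.group(1) if match else None


def version_key(version):
    """Turn '5.0.1.10' into (5, 0, 1, 10) so components compare as numbers."""
    parts = []
    for piece in version.strip().split("."):
        digits = re.match(r"\d+", piece)
        if digits is None:
            raise ValueError(f"non-numeric version component: {piece!r}")
        parts.append(int(digits.group()))
    return tuple(parts)


def is_affected(version, fixed_in=FIXED_IN):
    """True when version is strictly older than the fixed release."""
    a, b = version_key(version), version_key(fixed_in)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))  # pad so '5.0.1' compares as 5.0.1.0
    b += (0,) * (width - len(b))
    return a < b


def assess(php_source):
    """Classify plugin source text as 'affected', 'patched' or 'unknown'."""
    version = parse_plugin_version(php_source)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "patched"


# Constructed sample header (not copied from the real plugin file).
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: RegistrationMagic\n * Version: 5.0.1.5\n */\n"

if __name__ == "__main__":
    print(assess(SAMPLE_HEADER))
```

Comparing the components as integers matters here: a plain string comparison would rank 5.0.1.10 below 5.0.1.6 and report a patched install as affected.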

Possible Effects

Exploiting CVE-2021-24862 could result in:

  • Unauthorized access to sensitive database information.
  • Modification or deletion of crucial data, affecting site integrity.
  • Execution of unauthorized administrative operations.

Why Choose SecurityForEveryone

At SecurityForEveryone, we prioritize your digital safety with cutting-edge vulnerability scanning tools and expert insights. By choosing us, you gain:

  • Real-time alerts on vulnerabilities like CVE-2021-24862.
  • Customized remediation strategies to protect your WordPress site.
  • Comprehensive security assessments to prevent future exploits.

Secure your online presence with SecurityForEveryone and stay one step ahead of cyber threats.
