The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQL Injections
References
Link | Resource |
---|---|
https://codevigilant.com/disclosure/2021/wp-plugin-post-content-xmlrpc/ | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/fb42980c-93e5-42d5-a478-c2b348eaea67 | Exploit Third Party Advisory |
https://codevigilant.com/disclosure/2021/wp-plugin-post-content-xmlrpc/ | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/fb42980c-93e5-42d5-a478-c2b348eaea67 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://codevigilant.com/disclosure/2021/wp-plugin-post-content-xmlrpc/ - Exploit, Third Party Advisory | |
References | () https://wpscan.com/vulnerability/fb42980c-93e5-42d5-a478-c2b348eaea67 - Exploit, Third Party Advisory |
10 Nov 2021, 18:26
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-08 18:15
Updated : 2024-11-21 05:53
NVD link : CVE-2021-24629
Mitre link : CVE-2021-24629
CVE.ORG link : CVE-2021-24629
JSON object : View
Products Affected
post_content_xmlrpc_project
- post_content_xmlrpc
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')