HIGH · 7.2

CVE-2021-24484

Vulnerability Description

The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not whitelist or validate the orderby parameter before using it in SQL statements passed to get_results() DB calls, leading to SQL injection in the admin dashboard.
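
The missing check described above, sketched as an added example (not the plugin's code and not taken from its 2.6.7 fix): the requested orderby value is mapped through an allowlist, so only constants chosen by the code reach the SQL string. The function name, column names and table name are hypothetical.

```php
<?php
// Added illustration; not code from the plugin. Column names and the
// table name are hypothetical placeholders.

// Map of accepted request values to real column identifiers.
const REPORT_SORT_COLUMNS = [
    'id'   => 'id',
    'date' => 'created_at',
    'ip'   => 'user_ip',
];

/**
 * Build an ORDER BY clause from untrusted request values.
 * Column names and ASC/DESC keywords cannot be bound as value placeholders,
 * so the only text that reaches the SQL string is a constant chosen here.
 */
function safe_order_clause($orderby, $order): string
{
    // Non-string input (for example an array parameter) falls back to the default.
    $key = is_string($orderby) ? strtolower(trim($orderby)) : '';
    $column = REPORT_SORT_COLUMNS[$key] ?? 'id';

    // Anything other than an exact ASC becomes DESC.
    $direction = (is_string($order) && strtoupper(trim($order)) === 'ASC') ? 'ASC' : 'DESC';

    return sprintf('ORDER BY `%s` %s', $column, $direction);
}

// Constructed sample inputs: one expected value and two malformed ones.
$samples = [
    ['date', 'asc'],
    ['id, (SELECT 1)', 'desc'],
    [['nested'], 'ASC; --'],
];

foreach ($samples as [$orderby, $order]) {
    // Every query printed here contains only allowlisted identifiers.
    $sql = 'SELECT * FROM example_reports ' . safe_order_clause($orderby, $order) . ' LIMIT 20';
    echo $sql, PHP_EOL;
}
```

Unrecognised values fall back to the default column and direction instead of being escaped, so request data never appears in the statement text.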

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor: Ays-Pro
Product: Secure Copy Content Protection And Content Locking
Versions: < 2.6.7

Related Weaknesses (CWE)

References

FAQ

What is CVE-2021-24484?

CVE-2021-24484 is a vulnerability with a CVSS score of 7.2 (HIGH). The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not whitelist or validate the orderby parameter before using it in SQL statem...

How severe is CVE-2021-24484?

CVE-2021-24484 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2021-24484?

Check the references section above for vendor advisories and patch information. Affected products include: Ays-Pro Secure Copy Content Protection And Content Locking.