Vulnerability Description
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Contest Gallery | Contest Gallery | < 13.1.0.6 |
Related Weaknesses (CWE)
References
- https://gist.github.com/tpmiller87/6c05596fe27dd6f69f1aaba4cbb9c917ExploitThird Party Advisory
- https://wpscan.com/vulnerability/45ee86a7-1497-4c81-98b8-9a8e5b3d4facExploitThird Party Advisory
- https://gist.github.com/tpmiller87/6c05596fe27dd6f69f1aaba4cbb9c917ExploitThird Party Advisory
- https://wpscan.com/vulnerability/45ee86a7-1497-4c81-98b8-9a8e5b3d4facExploitThird Party Advisory
FAQ
What is CVE-2021-24915?
CVE-2021-24915 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when ...
How severe is CVE-2021-24915?
CVE-2021-24915 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-24915?
Check the references section above for vendor advisories and patch information. Affected products include: Contest Gallery Contest Gallery.