CNVD (China National Vulnerability Database): CNVD-2022-68917
History: Aug 05, 2021 - 12:00 a.m.

WordPress Secure Copy Content Protection Plugin SQL Injection Vulnerability

www.cnvd.org.cn
Tags: wordpress, secure copy content protection plugin, sql injection, vulnerability, php, get_reports() function, orderby parameter, sql statement, get_results() db call, administration dashboard, sensitive database information

EPSS: 0.001 (Percentile: 36.7%)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The Secure Copy Content Protection Plugin is an application plugin for WordPress. The plugin contains a SQL injection vulnerability, which stems from its get_reports() function failing to whitelist or validate the orderby parameter before it is used in the SQL statement passed to the get_results() DB call. An attacker could exploit this vulnerability in the administration dashboard to steal sensitive database information with an injected SQL statement.
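
The fix for this class of bug is to map the request's orderby value onto a fixed set of column names before it reaches the query, because an ORDER BY identifier cannot be bound as a value placeholder. The sketch below is an added example, not the plugin's code: the `example_*` function names, the table name and the column names are assumptions, and it expects to run inside WordPress (`$wpdb`, `wp_unslash()`).

```php
<?php
// Added example, not the plugin's own code. Table and column names are assumed.

/** Map a request-supplied sort key to a fixed SQL identifier, or fall back. */
function example_resolve_orderby( $requested, array $allowed, $default ) {
    $key = strtolower( trim( (string) $requested ) );
    return isset( $allowed[ $key ] ) ? $allowed[ $key ] : $default;
}

/** Only two sort directions exist; anything else becomes DESC. */
function example_resolve_order( $requested ) {
    return strtoupper( trim( (string) $requested ) ) === 'ASC' ? 'ASC' : 'DESC';
}

function example_get_reports( $per_page = 20, $page = 1 ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_reports'; // hypothetical table name

    // Pattern the advisory describes (schematic, do not use):
    //   $sql .= ' ORDER BY ' . $_REQUEST['orderby'];
    // The request value becomes part of the SQL text itself.

    // Allow-list: request key => real column. Nothing else can reach the query.
    $allowed = array(
        'id'   => 'id',
        'user' => 'user_id',
        'date' => 'created_at',
    );

    $raw_orderby = isset( $_REQUEST['orderby'] ) ? wp_unslash( $_REQUEST['orderby'] ) : '';
    $raw_order   = isset( $_REQUEST['order'] ) ? wp_unslash( $_REQUEST['order'] ) : '';

    $orderby = example_resolve_orderby( $raw_orderby, $allowed, 'id' );
    $order   = example_resolve_order( $raw_order );

    // Identifiers come from the allow-list; values go through prepare().
    $sql = "SELECT * FROM {$table} ORDER BY {$orderby} {$order} LIMIT %d OFFSET %d";

    return $wpdb->get_results(
        $wpdb->prepare( $sql, (int) $per_page, ( max( 1, (int) $page ) - 1 ) * (int) $per_page ),
        ARRAY_A
    );
}
```

Any orderby value that is not a key of `$allowed`, including one carrying SQL syntax, resolves to the default column, so the query text never contains request data.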
