CVE-2021-24666

high-risk
Published 2021-09-27

The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi.

Do I need to act?

!
81.0% chance of exploitation in next 30 days
EPSS score — higher than 19% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: ebc01144d3eccaf44a40ed9cc2f88a428894d78e, aa8a343a2e2333b34a422f801adee09b020c6d76
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Podlove

References (4)

Patch https://github.com/podlove/podlove-publisher/commit/aa8a343a2e2333b34a422f801ade...
Exploit https://wpscan.com/vulnerability/fb4d7988-60ff-4862-96a1-80b1866336fe
Patch https://github.com/podlove/podlove-publisher/commit/aa8a343a2e2333b34a422f801ade...
Exploit https://wpscan.com/vulnerability/fb4d7988-60ff-4862-96a1-80b1866336fe
57
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 20/34 · Moderate
Exposure 5/34 · Minimal