PT-2021-15925 · WordPress · Wordpress Membership Swiftcloud.Io

Syed Sheeraz Ali · Published 2021-09-06 · Updated 2021-09-09 · CVE-2021-24392

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WordPress Membership SwiftCloud.io WordPress plugin versions 1.0 and earlier

Description: The issue arises from improper sanitization, escaping, or validation of the id GET parameter in the WordPress Membership SwiftCloud.io WordPress plugin, leading to SQL injection.

Recommendations: For WordPress Membership SwiftCloud.io WordPress plugin versions 1.0 and earlier, consider updating to a version where this issue is fixed, as an unsanitized id GET parameter poses a significant risk. As a temporary workaround, restrict access to any API endpoints that use the id parameter to minimize the risk of exploitation.
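The following is an added illustration of the defect class this advisory describes, not code from the SwiftCloud.io plugin or from this advisory's author: a WordPress handler that interpolates the raw id GET parameter into a query, placed next to a hardened version that checks the caller's capability (the code form of the "restrict access to the endpoint" workaround above), validates id as a non-negative integer, and binds it through $wpdb->prepare(). The table name, the two function names and the manage_options capability are assumptions chosen for the example.

```php
<?php
// Added example for PT-2021-15925 / CVE-2021-24392. NOT the plugin's own code.
// The table `{$wpdb->prefix}swiftcloud_members`, the function names and the
// `manage_options` capability are hypothetical placeholders for illustration.

// Vulnerable pattern: the raw `id` GET parameter is concatenated into the SQL
// text, so whatever the client sends becomes part of the query itself.
function example_vulnerable_lookup() {
    global $wpdb;
    $id  = $_GET['id'];                                   // unsanitized, unvalidated
    $sql = "SELECT * FROM {$wpdb->prefix}swiftcloud_members WHERE id = $id";
    return $wpdb->get_results( $sql );                    // SQL injection sink
}

// Hardened pattern:
//  1. refuse callers who are not permitted to use this endpoint (the advisory's
//     vector is PR:H, i.e. a privileged caller; the capability check bounds
//     who can reach the query at all, which is the advisory's interim workaround);
//  2. require `id` to be present, a string, and made only of digits, then
//     coerce it with absint() so the value is a non-negative integer;
//  3. pass the value through $wpdb->prepare() with a %d placeholder, so the
//     database receives a fixed query shape plus a bound value, never client
//     text spliced into SQL.
function example_hardened_lookup() {
    global $wpdb;

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );           // ends the request
    }

    if ( ! isset( $_GET['id'] )
        || ! is_string( $_GET['id'] )
        || ! ctype_digit( $_GET['id'] ) ) {
        wp_send_json_error( 'invalid id', 400 );          // ends the request
    }
    $id = absint( $_GET['id'] );

    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}swiftcloud_members WHERE id = %d",
        $id
    );
    return $wpdb->get_results( $sql );
}
```

Either function would be wired up the usual way, for example with add_action( 'wp_ajax_example_lookup', 'example_hardened_lookup' ); the point of the hardened version is that the capability check, the digit-only validation and the %d placeholder each independently stop the id value from being interpreted as SQL, so the query stays safe even if one of the three checks is later removed by mistake.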

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers: CVE-2021-24392

Affected Products: Wordpress Membership Swiftcloud.Io