QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24931

Published: Dec 6, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.

Vendor	Product	Versions
Unknown	Secure Copy Content Protection and Content Locking	affected `2.8.2 - < 2.8.2`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/1cd52d61-af75-43ed-9b99-b46c471c4231

x_refsource_MISC

http://packetstormsecurity.com/files/165946/WordPress-Secure-Copy-Content-Protection-And-Content-Locking-2.8.1-SQL-Injection.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.