CVE-2021-24915

The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
contest_gallerycontest_gallery
𝑥
< 13.1.0.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/tpmiller87/6c05596fe27dd6f69f1aaba4cbb9c917
https://wpscan.com/vulnerability/45ee86a7-1497-4c81-98b8-9a8e5b3d4fac
https://gist.github.com/tpmiller87/6c05596fe27dd6f69f1aaba4cbb9c917
https://wpscan.com/vulnerability/45ee86a7-1497-4c81-98b8-9a8e5b3d4fac