← back
CVE-2021-24931

Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection

EPSS 78.8%CWE-89
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.
Affected products
Unknown · Secure Copy Content Protection and Content Locking
public PoCs found2
cve_referencepacketstormsecurity.com/files/165946/WordPress-Secure-Copy-Content-Protection-And-Content-Locking-2.8.1-SQL-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50733unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/165946/WordPress-Secure-Copy-Content-Protection-And-Content-Locking-2.8.1-SQL-Injection.htmlhttps://wpscan.com/vulnerability/1cd52d61-af75-43ed-9b99-b46c471c4231