Unrated severityNVD Advisory· Published Aug 2, 2021· Updated Aug 3, 2024

Secure Copy Content Protection and Content Locking < 2.6.7 - Authenticated Blind SQL Injections

CVE-2021-24484

Description

The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard

Affected products

Ays Pro/Secure Copy Content Protection And Content Lockingv5
Range: 2.6.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/9ce0153d-4a8b-4215-b6b6-15ca68c4f52cmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000