Vulnerabilities > CVE-2021-24627 - Unspecified vulnerability in G Auto-Hyperlink Project G Auto-Hyperlink 1.0.1

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

g-auto-hyperlink-project

NVD

Published: 2021-11-08

Updated: 2024-11-21

Summary

The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection

Vulnerable Configurations

Part	Description	Count
Application	G_Auto-Hyperlink_Project G Auto Hyperlink Project G Auto Hyperlink - G Auto Hyperlink Project G Auto Hyperlink 1.0.1	2

References

https://codevigilant.com/disclosure/2021/wp-plugin-g-auto-hyperlink/
https://codevigilant.com/disclosure/2021/wp-plugin-g-auto-hyperlink/
https://wpscan.com/vulnerability/c04ea768-150f-41b8-b08c-78d1ae006bbb
https://wpscan.com/vulnerability/c04ea768-150f-41b8-b08c-78d1ae006bbb