Vulnerabilities > CVE-2021-24629 - Unspecified vulnerability in Post Content Xmlrpc Project Post Content Xmlrpc 1.0

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

post-content-xmlrpc-project

NVD

Published: 2021-11-08

Updated: 2024-11-21

Summary

The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQL Injections

Vulnerable Configurations

Part	Description	Count
Application	Post_Content_Xmlrpc_Project Post Content Xmlrpc Project Post Content Xmlrpc - Post Content Xmlrpc Project Post Content Xmlrpc 1.0	2

References

https://codevigilant.com/disclosure/2021/wp-plugin-post-content-xmlrpc/
https://codevigilant.com/disclosure/2021/wp-plugin-post-content-xmlrpc/
https://wpscan.com/vulnerability/fb42980c-93e5-42d5-a478-c2b348eaea67
https://wpscan.com/vulnerability/fb42980c-93e5-42d5-a478-c2b348eaea67