CVE-2021-24554

🗓️ 23 Aug 2021 11:10:09Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 70 Views🌐 WEB

The Paytm – Donation Plugin WordPress plugin through 1.3.2 allows authenticated SQL injection via the id GET parameter

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2021-24554	23 Aug 202116:23	–	circl
CNNVD	WordPress plugin SQL注入漏洞	23 Aug 202100:00	–	cnnvd
Cvelist	CVE-2021-24554 Paytm - Donation Plugin <= 1.3.2 - Authenticated (admin+) SQL Injection	23 Aug 202111:10	–	cvelist
Nuclei	WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection	6 Jun 202603:01	–	nuclei
NVD	CVE-2021-24554	23 Aug 202112:15	–	nvd
OSV	CVE-2021-24554	23 Aug 202112:15	–	osv
Patchstack	WordPress Paytm plugin <= 1.3.2 - Authenticated SQL Injection (SQLi) vulnerability	24 Jul 202100:00	–	patchstack
Prion	Sql injection	23 Aug 202112:15	–	prion
RedhatCVE	CVE-2021-24554	22 May 202519:22	–	redhatcve
wpexploit	Paytm - Donation Plugin <= 1.3.2 - Authenticated (admin+) SQL Injection	24 Jul 202100:00	–	wpexploit

NVD

Vulners

Node

freelancetoindia paytm-payRange≤1.3.2wordpress

[
  {
    "product": "Paytm – Donation Plugin",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.3.2",
        "status": "affected",
        "version": "1.3.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/f2842ac8-76fa-4490-aa0c-5f2b07ecf2ad
codevigilant	www.codevigilant.com/disclosure/2021/wp-plugin-wp-paytm-pay/

Parameter	Position	Path	Description	CWE
id	query param	wp-admin/admin.php?page=wp_paytm_donation&action=delete&id=1%20AND%20(SELECT%205581%20FROM%20(SELECT(SLEEP(5)))Pjwy)	Authenticated SQL injection via unsanitized id parameter in delete donation action	CWE-89

21 Nov 2024 05:53Current

7.1High risk

Vulners AI Score7.1

CVSS 26.5

CVSS 3.17.2

EPSS0.21043

CWE-89