CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-24931

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0180%
EPSS Percentile14.59th
Published2021年12月6日
Last Modified2024年11月21日

Vulnerability Description

The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.

Affected Platforms (CPE)

📦
Ays Pro

Secure Copy Content Protection And Content Locking

< 2.8.2

References & Advisories

🔗 http://packetstormsecurity.com/files/165946/WordPress-Secure-Copy-Content-Protection-And-Content-Locking-2.8.1-SQL-Injection.html
🔗 https://wpscan.com/vulnerability/1cd52d61-af75-43ed-9b99-b46c471c4231
🔗 http://packetstormsecurity.com/files/165946/WordPress-Secure-Copy-Content-Protection-And-Content-Locking-2.8.1-SQL-Injection.html
🔗 https://wpscan.com/vulnerability/1cd52d61-af75-43ed-9b99-b46c471c4231

相關漏洞威脅

CVE-2021-244847.2

The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whi...

CVE-2026-92693.5

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its sett...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...