What is CVE-2021-24285?

CVE-2021-24285 is a vulnerability in Car Seller - Auto Classifieds Script, classified under SQL Injection. Published 2021-05-14.

Is CVE-2021-24285 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Car Seller - Auto Classifieds Script

CVE-2021-24285

The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the order_id POST parameter bef…

Vulnerability class: SQL Injection

EPSS: 0.894 (99.6th percentile) — read the EPSS interpretation.

Affected products

Unknown Car Seller - Auto Classifieds Script — versions 2.1.0

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

wpscan.com/vulnerability/f35d6ab7-dd52-48b3-a79c-3f89edf24162 (x_refsource_CONFIRM)
codevigilant.com/disclosure/2021/24-04-2021-wp-plugin-cars-seller-auto-classifi… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-24285?: CVE-2021-24285 is a vulnerability in Car Seller - Auto Classifieds Script, classified under SQL Injection. Published 2021-05-14.
Is CVE-2021-24285 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.