What is CVE-2021-24666?

CVE-2021-24666 is a vulnerability in Podlove Podcast Publisher, classified under SQL Injection. Published 2021-09-27.

Is CVE-2021-24666 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Podlove Podcast Publisher

CVE-2021-24666

The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an 'id' and 'category' parameters as argum…

Vulnerability class: SQL Injection

EPSS: 0.860 (99.4th percentile) — read the EPSS interpretation.

Affected products

Unknown Podlove Podcast Publisher — versions 3.5.6

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/nuclei-templates

References

wpscan.com/vulnerability/fb4d7988-60ff-4862-96a1-80b1866336fe (x_refsource_MISC)
github.com/podlove/podlove-publisher/commit/aa8a343a2e2333b34a422f801adee09b020… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-24666?: CVE-2021-24666 is a vulnerability in Podlove Podcast Publisher, classified under SQL Injection. Published 2021-09-27.
Is CVE-2021-24666 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.