Is CVE-2021-24731 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Registration Forms – User Profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes

CVE-2021-24731

The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/log…

Vulnerability class: SQL Injection

EPSS: 0.681 (98.6th percentile) — read the EPSS interpretation.

Affected products

Unknown Registration Forms – User Profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes — versions 3.7.1.6

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/nuclei-templates

References

wpscan.com/vulnerability/6bed00e4-b363-43b8-a392-d068d342151a (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-24731?: CVE-2021-24731 is a vulnerability in Registration Forms – User Profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes, classified under SQL Injection. Published 2021-11-08.
Is CVE-2021-24731 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.