SQL Injection in Wcfm Marketplace – Best Multivendor For Woocommerce

CVE-2021-24849

The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated users, does not properly sanitise multiple parameters before using them in SQL statements, leading t…

Vulnerability class: SQL Injection

EPSS: 0.746 (98.9th percentile)

Affected products

  • Unknown Wcfm Marketplace – Best Multivendor For Woocommerce — versions 3.4.12

Frequently asked questions

What is CVE-2021-24849?
CVE-2021-24849 is a vulnerability in Wcfm Marketplace – Best Multivendor For Woocommerce, classified under SQL Injection. Published 2021-12-21.
Is CVE-2021-24849 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.