What is CVE-2021-24931?

CVE-2021-24931 is a vulnerability in Secure Copy Content Protection And Locking, classified under SQL Injection. Published 2021-12-06.

Is CVE-2021-24931 known to be exploited?

15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Secure Copy Content Protection And Locking

CVE-2021-24931

The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before u…

Vulnerability class: SQL Injection

EPSS: 0.722 (98.8th percentile) — read the EPSS interpretation.

Affected products

Unknown Secure Copy Content Protection And Locking — versions 2.8.2

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

wpscan.com/vulnerability/1cd52d61-af75-43ed-9b99-b46c471c4231 (x_refsource_MISC)
packetstormsecurity.com/files/165946/WordPress-Secure-Copy-Content-Protection-A… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-24931?: CVE-2021-24931 is a vulnerability in Secure Copy Content Protection And Locking, classified under SQL Injection. Published 2021-12-06.
Is CVE-2021-24931 known to be exploited?: 15 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.