This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: SQL Injection in WordPress 'Contest Gallery' plugin. **Consequences**: Attackers can steal user lists (usernames & emails) and execute arbitrary SQL commands.…
**CWE-89**: Improper Neutralization of Special Elements used in an SQL Command. **Flaw**: The plugin fails to sanitize/escape the `cg-search-user-name-original` parameter before using it in SQL queries.…
**Threshold**: LOW. **Auth**: No authentication needed (Unauthenticated). **Config**: Exploits the 'export users from gallery' feature. **Ease**: Direct parameter manipulation via `cg-search-user-name-original`.
Q6 Is there a public exploit? (PoC/Wild Exploitation)
**PoC**: Yes, available via Nuclei templates (ProjectDiscovery). **Detection**: Public YAML templates exist for automated scanning. **Wild Exploit**: Likely widespread due to low barrier to entry and public PoCs.
Q7 How to self-check? (Features/Scanning)
**Check**: Scan for 'Contest Gallery' plugin version < 13.1.0.6. **Test**: Use Nuclei template `CVE-2021-24915.yaml`. **Indicator**: Look for SQL errors or unexpected data in user export endpoints.
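The version check above can be run directly against the files of an install. The script below is an added example, not part of the original analysis or the plugin's code; the directory name `contest-gallery` and the header line `Plugin Name: Contest Gallery` are assumptions, and only the fixed version 13.1.0.6 comes from this page.

```python
import re
from pathlib import Path

FIXED = "13.1.0.6"        # first fixed release, as stated on this page
SLUG = "contest-gallery"  # assumed plugin directory name
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:\s*Contest Gallery\s*$", re.I | re.M)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

def parse_version(text):
    """'13.1.0.5' -> (13, 1, 0, 5); stops at the first non-numeric component."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def is_vulnerable(installed, fixed=FIXED):
    """True when installed < fixed; the shorter version is zero-padded."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def installed_version(plugin_dir):
    """Version string from the main plugin file's header comment, or None."""
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        # WordPress itself only reads the first 8 KiB when parsing headers.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        if NAME_RE.search(head):
            m = VERSION_RE.search(head)
            return m.group(1) if m else None
    return None

def check_site(wp_root):
    """Classify one install: 'absent', 'unknown', 'vulnerable' or 'patched'."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return "absent"
    version = installed_version(plugin_dir)
    if version is None or not parse_version(version):
        return "unknown"  # plugin files present but no readable version
    return "vulnerable" if is_vulnerable(version) else "patched"

if __name__ == "__main__":
    import sys
    for root in sys.argv[1:]:
        print(root, check_site(root))
```

Pass one or more WordPress root directories as arguments. An `unknown` result means the plugin directory exists but its version could not be read, so that install should be inspected by hand.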
Q8 Is it fixed officially? (Patch/Mitigation)
**Fixed**: Yes. **Patch**: Upgrade Contest Gallery plugin to version **13.1.0.6** or later. **Vendor Action**: WordPress Foundation/Plugin developer released the fix.
Q9 What if no patch? (Workaround)
**Workaround**: Disable the 'Contest Gallery' plugin immediately if patching isn't possible. **Block**: Restrict access to the plugin's export endpoints via WAF or firewall rules.…