CVE-2021-24666: Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection

Vendor Unknown
Product Podlove Podcast Publisher
Weakness CWE-89 · SQLi
Published September 27, 2021
Last update August 3, 2024

What the vulnerability does

01 Description

The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the REST route '/services/contributor/(?P<id>[\d]+)'. The route takes 'id' and 'category' parameters as arguments, and both parameters can be used for SQL injection.

Key dates

02 Disclosure timeline

September 27, 2021 CVE published
August 3, 2024 Record updated