.. / CVE-2021-24340

Exploit for WordPress Statistics <13.0.8 - Blind SQL Injection (CVE-2021-24340)

Description:

WordPress Statistic plugin versions prior to version 13.0.8 are affected by an unauthenticated time-based blind SQL injection vulnerability.

Nuclei Template

View the template here CVE-2021-24340.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-24340.yaml
Copy

References:

https://www.wordfence.com/blog/2021/05/over-600000-sites-impacted-by-wp-statistics-patch/
https://github.com/Udyz/WP-Statistics-BlindSQL
https://wpscan.com/vulnerability/d2970cfb-0aa9-4516-9a4b-32971f41a19c
https://nvd.nist.gov/vuln/detail/CVE-2021-24340
https://www.exploit-db.com/exploits/49894