CVE-2021-24915

9.8 CRITICAL

📋 TL;DR

This vulnerability in the Contest Gallery WordPress plugin allows unauthenticated attackers to perform SQL injection attacks and retrieve all registered users' usernames and email addresses. It affects WordPress sites using vulnerable versions of the plugin due to missing capability checks and improper input sanitization.

💻 Affected Systems

Products:
  • Contest Gallery WordPress Plugin
Versions: All versions before 13.1.0.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations with vulnerable plugin versions enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, privilege escalation, and potential site takeover via SQL injection.

🟠 Likely Case

Unauthenticated attackers extract user data (usernames and emails) and potentially execute limited SQL queries.

🟢 If Mitigated

No impact if the plugin is patched or workarounds are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept exists, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 13.1.0.6

Vendor Advisory: https://wordpress.org/plugins/contest-gallery/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Contest Gallery plugin.
4. Click 'Update Now' if available, or manually update to version 13.1.0.6 or later.

🔧 Temporary Workarounds

Disable Plugin

Platform: all

Temporarily disable the Contest Gallery plugin until it is patched:

wp plugin deactivate contest-gallery

Web Application Firewall Rule

Platform: all

Block requests containing the 'cg-search-user-name-original' parameter.

🧯 If You Can't Patch

  • Disable the Contest Gallery plugin immediately.
  • Implement network-level filtering to block exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, open Plugins > Installed Plugins and read the Contest Gallery version number.

Check Version:

wp plugin get contest-gallery --field=version

Verify Fix Applied:

Confirm the plugin version is 13.1.0.6 or higher.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing the 'cg-search-user-name-original' parameter with SQL injection patterns
  • Unusual database queries from the web server process

Network Indicators:

  • POST requests to /wp-admin/admin-ajax.php with the cg-search-user-name-original parameter
  • SQL error messages in HTTP responses

SIEM Query:

source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND (param="cg-search-user-name-original" OR message="SQL syntax")
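The log and network indicators above, turned into a small scanner over constructed access-log lines (an added example, not part of this advisory or of the plugin). It matches only the parameter name given above; the plugin's own AJAX action name is not in the advisory and is not assumed. An access log shows the parameter only when it travels in the query string, so the POST-body case needs WAF or application-layer logs.

```python
import re
from urllib.parse import parse_qs, urlsplit

PARAM = "cg-search-user-name-original"
AJAX_PATH = "/wp-admin/admin-ajax.php"

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Generic SQL injection markers, checked against one decoded parameter value.
SQLI_RE = re.compile(r"""'|"|--|/\*|;|\b(union|select|sleep|benchmark)\b|\bor\b\s+\S+\s*=\s*\S+""",
                     re.IGNORECASE)
# Constructed sample access-log lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2021:14:02:11 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Nov/2021:14:02:15 +0000] "GET /wp-admin/admin-ajax.php?cg-search-user-name-original=alice HTTP/1.1" 200 420 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Nov/2021:14:03:40 +0000] "GET /wp-admin/admin-ajax.php?cg-search-user-name-original=x%27%20OR%201%3D1--%20 HTTP/1.1" 500 87 "-" "python-requests/2.26"
192.0.2.9 - - [10/Nov/2021:14:04:01 +0000] "GET /index.php?s=hello HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
"""


def classify_request(target: str, status: int):
    """Return (severity, decoded value) for a relevant URL, else None.
    Only the query string is visible here; a POST body (first sample line) needs WAF logs."""
    parts = urlsplit(target)
    if parts.path != AJAX_PATH:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None  # ordinary admin-ajax traffic; nothing to flag from the URL alone
    value = values[0]  # parse_qs already percent-decodes
    # The parameter being present at all matches the WAF rule above (medium);
    # SQL metacharacters in it, or a 5xx response alongside it, mark an attempt (high).
    sev = "high" if SQLI_RE.search(value) or status >= 500 else "medium"
    return sev, value


def scan_log(text: str):
    """Return one finding dict per access-log line that matches the indicators."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        result = classify_request(m["target"], int(m["status"]))
        if result is not None:
            findings.append({"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
                             "severity": result[0], "value": result[1]})
    return findings
```

Running `scan_log(SAMPLE_LOG)` flags the second line as medium (parameter present, benign value) and the third as high (quote and `OR 1=1` in the value, 500 response); the plain POST and the unrelated GET produce nothing.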
