CVE-2021-24943

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites running vulnerable versions of the Registrations for the Events Calendar plugin. Attackers can potentially access, modify, or delete database content, including sensitive user data. All WordPress sites with the vulnerable plugin installed are affected.

💻 Affected Systems

Products:
  • Registrations for the Events Calendar WordPress Plugin
Versions: All versions before 2.7.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default plugin configuration. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, privilege escalation, site takeover, or remote code execution via SQL injection.

🟠 Likely Case: Data exfiltration of user information, plugin/theme manipulation, or site defacement.

🟢 If Mitigated: Limited impact if proper WAF rules, input validation, and database permissions are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple SQL injection via AJAX endpoint with no authentication required. Public exploit scripts are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.6

Vendor Advisory: https://wpscan.com/vulnerability/ba50c590-42ee-4523-8aa0-87ac644b77ed

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Registrations for the Events Calendar'.
4. Click 'Update Now' if an update is available.
5. If no update appears, manually download version 2.7.6+ from the WordPress repository.

🔧 Temporary Workarounds

Disable vulnerable AJAX endpoint (applies to: all versions)

Block access to the rtec_send_unregister_link AJAX action via .htaccess or web application firewall.

# Add to .htaccess (requires mod_rewrite; the standard WordPress .htaccess already enables it):
# Caveat: this only matches the action when it is passed in the query string. admin-ajax.php
# also reads the action from the POST body, which mod_rewrite cannot inspect, so pair this
# rule with a WAF rule that inspects request bodies.
RewriteCond %{QUERY_STRING} action=rtec_send_unregister_link [NC]
RewriteRule .* - [F,L]

🧯 If You Can't Patch

  • Disable or uninstall the Registrations for the Events Calendar plugin immediately.
  • Implement strict WAF rules to block SQL injection patterns targeting the vulnerable endpoint.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for 'Registrations for the Events Calendar' version number.

Check Version:

wp plugin list --name='registrations-for-the-events-calendar' --field=version

Verify Fix Applied:

Confirm plugin version is 2.7.6 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /wp-admin/admin-ajax.php with action=rtec_send_unregister_link containing SQL syntax

Network Indicators:

  • SQL error messages in HTTP responses, unusual database query patterns

SIEM Query:

source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND query="*action=rtec_send_unregister_link*" AND (query="*UNION*" OR query="*SELECT*" OR query="*INSERT*" OR query="*DELETE*")

Note: this query only matches when the action and payload are passed in the query string. Standard web server access logs do not record POST bodies, so requests that submit the action in the body will not be caught; correlate with WAF or application-level request logging where available.
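As an added example (not part of the advisory), the log indicator and SIEM query above expressed as a small access-log scanner. It parses Apache combined-format lines, URL-decodes the query string, flags requests to admin-ajax.php whose action is rtec_send_unregister_link, and escalates when the decoded parameters contain the SQL keywords from the query. The log lines are constructed samples, not real traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined format (illustrative, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2021:13:55:36 +0000] "POST /wp-admin/admin-ajax.php?action=rtec_send_unregister_link&p=1%20UNION%20SELECT%201 HTTP/1.1" 200 512 "-" "curl/7.68.0"
198.51.100.7 - - [10/Oct/2021:13:56:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 23 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2021:13:57:12 +0000] "POST /wp-admin/admin-ajax.php?action=rtec_send_unregister_link HTTP/1.1" 200 45 "-" "Mozilla/5.0"
"""

# Request line split into method, target and protocol; the rest of the line is not needed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)
TARGET_ACTION = "rtec_send_unregister_link"
# Same keyword set as the advisory's SIEM query, applied to URL-decoded parameter values.
SQL_KEYWORDS = re.compile(r"\b(UNION|SELECT|INSERT|DELETE)\b", re.IGNORECASE)


def classify(line):
    """Return (severity, reason) for one access-log line, or None if unrelated.

    'high'  : request targets the vulnerable action and carries SQL keywords.
    'watch' : request targets the vulnerable action but no SQL keywords are visible;
              access logs omit POST bodies, so such requests still deserve review.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(url.query)  # parse_qs URL-decodes values (%20 and + become spaces)
    if TARGET_ACTION not in params.get("action", []):
        return None
    decoded = " ".join(v for values in params.values() for v in values)
    who = f"{m.group('ip')} {m.group('method')} at {m.group('ts')}"
    if SQL_KEYWORDS.search(decoded):
        return ("high", f"{who}: action={TARGET_ACTION} with SQL keywords in query string")
    return ("watch", f"{who}: action={TARGET_ACTION} (payload may be in POST body)")


def scan(log_text):
    """Classify every line of a log; return the (severity, reason) pairs that were flagged."""
    return [r for r in (classify(line) for line in log_text.splitlines()) if r]


if __name__ == "__main__":
    for severity, reason in scan(SAMPLE_LOG):
        print(severity.upper(), reason)
```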
