Enhancement: cves/2021/CVE-2021-24931.yaml by md

cves/2021/CVE-2021-24931.yaml

@@ -1,16 +1,16 @@
 id: CVE-2021-24931
 
 info:
-  name: Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection
+  name: WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection
   author: theamanrawat
   severity: critical
   description: |
-    The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.
+    WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
   reference:
     - https://wpscan.com/vulnerability/1cd52d61-af75-43ed-9b99-b46c471c4231
     - https://wordpress.org/plugins/secure-copy-content-protection/
     - https://nvd.nist.gov/vuln/detail/CVE-2021-24931
-  remediation: Fixed in version 2.8.2
+  remediation: Fixed in version 2.8.2.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
@@ -35,3 +35,5 @@ requests:
           - 'contains(content_type, "text/html")'
           - 'contains(body, "{\"status\":true")'
         condition: and
+
+# Enhanced by md on 2023/03/13