CVE-2021-44779

WordPress [GWA] AutoResponder plugin <= 2.3 - Unauthenticated SQL Injection (SQLi) vulnerability

Description

Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed.

Remediation

Solution:

Deactivate and delete. No patched version is available. The plugin was closed on the wordpress.org plugin repository.

References

Link	Tags
https://wordpress.org/plugins/gwa-autoresponder/	third party advisory product
https://patchstack.com/database/vulnerability/gwa-autoresponder/wordpress-gwa-autoresponder-plugin-2-3-unauthenticated-sql-injection-sqli-vulnerability	third party advisory

Frequently Asked Questions

What is the severity of CVE-2021-44779?: CVE-2021-44779 has been scored as a high severity vulnerability.
How to fix CVE-2021-44779?: To fix CVE-2021-44779: Deactivate and delete. No patched version is available. The plugin was closed on the wordpress.org plugin repository.
Is CVE-2021-44779 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-44779 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-44779?: CVE-2021-44779 affects G.J.P. [GWA] AutoResponder (WordPress plugin).

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Remediation

Category

CWE-89 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

References

Frequently Asked Questions