{"id":"CVE-2021-24666","details":"The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the REST route '/services/contributor/(?P\u003cid\u003e[\\d]+)'. The route takes 'id' and 'category' parameters as arguments, and both parameters can be used for SQL injection.","modified":"2026-04-10T04:30:49.991507Z","published":"2021-09-27T16:15:09.107Z","references":[{"type":"FIX","url":"https://github.com/podlove/podlove-publisher/commit/aa8a343a2e2333b34a422f801adee09b020c6d76"},{"type":"FIX","url":"https://wpscan.com/vulnerability/fb4d7988-60ff-4862-96a1-80b1866336fe"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/podlove/podlove-publisher","events":[{"introduced":"0"},{"fixed":"ebc01144d3eccaf44a40ed9cc2f88a428894d78e"},{"fixed":"aa8a343a2e2333b34a422f801adee09b020c6d76"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.5.6"}]}}],"versions":["1.10.10-alpha","1.10.11-alpha","1.10.14-alpha","1.10.15-alpha","1.10.16-alpha","1.10.17-alpha","1.10.18-alpha","1.10.19-alpha","1.10.20-alpha","1.10.21-alpha","1.10.22-alpha","1.10.23-alpha","1.10.3-alpha","1.10.4-alpha","1.10.5-alpha","1.10.6-alpha","1.10.7-alpha","1.10.8-alpha","1.10.9-alpha","1.11-alpha","1.11.1-alpha","1.11.2-alpha","1.9.10-alpha","1.9.11-alpha","1.9.12-alpha","1.9.3-alpha","1.9.4-alpha","1.9.5-alpha","1.9.6-alpha","1.9.8-alpha","1.9.9-alpha","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.1.0","2.1.1","2.1.2","2.1.3","2.10.0","2.11.0","2.11.1","2.11.2","2.11.3","2.11.4","2.2.0","2.3.0","2.3.1","2.3.2","2.3.3","2.3.4","2.3.5","2.3.6","2.3.7","2.4.0","2.5.0","2.6.0","2.6.1","2.6.2","2.6.3","2.6.4","2.7.0","2.8.0","2.8.1","2.8.10","2.8.2","2.8.3","2.8.4","2.8.5","2.8.6","2.8.7","2.8.8","2.8.9","2.9.0","2.9.1","2.9.10","2.9.2","2.9.3","2.9.4","2.9.5","2.9.6","2.9.8","2.9.9","3.0.0","3.0.1","3.0.2","3.0.4","3.1-beta1","3.1-beta2","3.1-beta3","3.1-beta4","3.1.1","3.1.1-beta1","3.1.1-beta2","3.1.1-beta3","3.1.1-beta
4","3.1.1-beta5","3.1.1-beta6","3.1.1-beta7","3.1.10","3.1.11","3.1.12","3.1.13","3.1.14","3.1.15","3.1.16","3.1.17","3.1.18","3.1.2","3.1.3","3.1.4","3.1.6","3.1.7","3.1.8","3.1.9","3.2.0","3.2.0-beta1","3.2.0-beta2","3.2.0-beta3","3.2.0-beta4","3.2.0-beta5","3.2.0-beta6","3.2.1","3.2.2","3.2.2-beta1","3.2.2-beta10","3.3.0","3.3.1","3.3.1-beta1","3.3.1-beta2","3.3.1-beta3","3.3.2","3.4.0","3.4.0-beta2","3.4.0-beta3","3.4.1","3.4.2-beta1","3.4.2-beta2","3.5.0","3.5.0-beta1","3.5.0-beta2","3.5.0-beta3","3.5.0-beta4","3.5.0-beta5","3.5.0-beta6","3.5.0-beta7","3.5.0-beta8","3.5.0-beta9","3.5.1","3.5.2","3.5.2-beta1","3.5.3","3.5.4","3.5.4-beta1","3.5.5","3.5.5-beta1","3.5.5-beta2","3.5.5-beta3","3.5.5-beta4","3.5.5-beta5","refs/heads/shownotes-module"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-24666.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}