logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection

Description

The plugin does not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections.

Proof of Concept

https://drive.google.com/file/d/1UBTpW3RcPR7iqTi94ueyXLwWH8aFHuoe/view?usp=sharing

Payload: [aps-social id="1 and sleep(3)"]

Affects Plugins

accesspress-social-icons

Fixed in version 1.8.1

References

CVE

CVE-2021-24143

URL

https://plugins.trac.wordpress.org/changeset/2409015/accesspress-social-icons/trunk/inc/frontend/shortcode.php?old=2139884

ExploitDB

49115

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)

Submitter

khanh

Submitter website

http://research.sun-asterisk.com/

Verified

Yes

WPVDB ID

02c5e10c-1ac7-447e-8ae5-b6d251be750b

Timeline

Publicly Published

2020-11-02 (about 8 months ago)

Added

2020-11-02 (about 8 months ago)

Last Updated

2021-01-22 (about 6 months ago)

Our Other Services

WPScan WordPress Security Plugin