Ajax Load More < 5.3.2 – Authenticated SQL Injection | CVE 2021-24140

Description

The Ajax Load More WordPress plugin was vulnerable to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test.

The attacker needs to be authenticated with the edit_theme_options capability, which only administrators have by default.

Proof of Concept

https://drive.google.com/open?id=14YFYBUdMhYu1vvZrCd9QAhyZQv5rAwdm
https://asciinema.org/a/LRCzXVCkKrVlIkuLXNIKUQdhI

Affects Plugins

ajax-load-more

Fixed in 5.3.2

References

CVE

CVE-2021-24140

Exploitdb

48475

URL

https://plugins.trac.wordpress.org/changeset/2308007

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

9.0 (critical)

Miscellaneous

Original Researcher

Nguyen Khanh

Submitter

khanh

Verified

WPVDB ID

1876312e-3dba-4909-97a5-afbb76fbc056

Timeline

Publicly Published

2020-05-18 (about 5 years ago)

Added

2020-05-18 (about 5 years ago)

Last Updated

2021-01-21 (about 4 years ago)

Other

Published

Title

Published

2023-10-18

Title

iPanorama 360 – WordPress Virtual Tour Builder < 1.8.1 - Authenticated (Contributor+) SQL Injection via Shortcode

Published

2025-11-07

Title

Quick Featured Images < 13.7.4 - Authenticated (Editor+) SQL Injection via delete_orphaned

Published

2021-07-26

Title

uListing < 2.0.4 - Unauthenticated SQL Injection

Published

2023-06-08

Title

WP EasyCart < 5.4.11 - Administrator+ Time-based SQL Injection

Published

2020-09-06

Title

Advanced Database Cleaner < 3.0.2 - Authenticated SQL injection