The plugin is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.
To exploit the vulnerability, someone must send a specifically crafted request adding a new language containing specific special characters, and then open another page and measure the response time to retrieve data. This can be automated via sqlmap.
Elias Hohl
Elias Hohl
Yes
2022-07-23 (about 6 months ago)
2022-09-06 (about 4 months ago)
2022-09-06 (about 4 months ago)