WordPress Plugin Vulnerabilities
Translatepress Multilinugal < 2.3.3 - Admin+ SQLi
Description
The plugin is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.
Proof of Concept
To exploit the vulnerability, someone must send a specifically crafted request adding a new language containing specific special characters, and then open another page and measure the response time to retrieve data. This can be automated via sqlmap.
Affects Plugins
References
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Elias Hohl
Submitter
Elias Hohl
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-07-23 (about 1 years ago)
Added
2022-09-06 (about 1 years ago)
Last Updated
2022-09-06 (about 1 years ago)