WordPress Plugin Vulnerabilities

WPML String Translation < 3.2.6 - Admin+ SQLi

Description

The context parameter on the String Translation admin page is passed directly into SQL queries without being properly sanitized, allowing SQL injection.

Proof of Concept

Visit:

.../wp-admin/admin.php?page=wpml-string-translation%2Fmenu%2Fstring-translation.php&context=Test%26%23039%3Bing

to see a database error generated due to the unescaped apostrophe. This is present in the Debug Log.

`AND s.context = 'Test'ing' AND TRIM(s.value) ...`

Affects Plugins

Plugin icon
wpml-string-translation
Fixed in 3.2.6

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
4.1 (medium)

Miscellaneous

Original Researcher
Stephen
Submitter
Stephen
Verified
Yes
WPVDB ID
2e4aa0c3-82a2-45ab-932c-415bd82d28e0

Timeline

Publicly Published
2023-07-24 (about 4 months ago)
Added
2023-07-24 (about 4 months ago)
Last Updated
2023-08-01 (about 4 months ago)

Other

Published
Title
Published
2020-05-25
Title
Official MailerLite Sign Up Forms < 1.4.4 - Unauthenticated SQL Injection
Published
2018-09-05
Title
Image Intense <= 3.2.5 - Authenticated SQL Injection in shortcodes
Published
2012-03-31
Title
Buddypress <= 1.5.4 - SQL Injection
Published
2023-11-07
Title
Master Slider Pro <= 3.6.5 - Authenticated (Editor+) SQL Injection
Published
2023-01-12
Title
Survey Maker < 3.1.2 - Subscriber+ SQLi