WordPress Plugin Vulnerabilities

Live Forms - Visual Form Builder 3.0.1 - Blind SQL Injection

Description

The AJAX action ‘get_reqlist’ is available to all logged in users. The parameter ‘ipp’ sent to this action is vulnerable to Blind MySQL Injection. This can be leveraged by detecting how long a query takes to return.

Affects Plugins

Plugin icon
liveforms
Fixed in 3.2.0

References

CVE
CVE-2015-9301
URL
https://g0blin.co.uk/g0blin-00034/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
James Hooker
Submitter website
https://research.g0blin.co.uk
Submitter twitter
g0blinResearch
Verified
No
WPVDB ID
61fc6aae-50e2-4af6-81f7-d7f9ee657408

Timeline

Publicly Published
2015-03-18 (about 11 years ago)
Added
2015-03-18 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-03-28
Title
WP Responsive Tabs horizontal vertical and accordion Tabs < 1.1.18 - Authenticated (Contributor+) SQL Injection
Published
2015-07-09
Title
WP Statistics <= 9.4 - Authenticated SQL Injection
Published
2021-11-01
Title
BSK PDF Manager < 3.1.2 - Admin+ SQL Injection
Published
2024-09-13
Title
Backuply – Backup, Restore, Migrate and Clone < 1.3.5 - Authenticated (Admin+) SQL Injection
Published
2024-12-14
Title
TSB Occasion Editor <= 1.2.1 - Authenticated (Subscriber+) SQL Injection