WordPress Plugin Vulnerabilities

Welcart e-Commerce < 2.1.1 - Authenticated SQL Injection

Description

The Welcart e-Commerce WordPress plugin, less than version 2.1.1 and possibly below, was vulnerable to authenticated SQLI Injection in the search[order_column][0] POST parameter of the "/wp-admin/admin.php?page=usces_orderlist" page.

Proof of Concept

Refer to references.

Affects Plugins

usc-e-shop

Fixed in version 2.1.1

References

URL

https://plugins.trac.wordpress.org/changeset/2458780/usc-e-shop/trunk/classes/memberList.class.php

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

Erik David Martin

Verified

WPVDB ID

65e643c4-f55e-47bf-8ba3-136c54aff1b2

Timeline

Publicly Published

2021-02-08 (about 1 years ago)

Added

2021-02-08 (about 1 years ago)

Last Updated

2021-02-08 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin