WordPress Plugin Vulnerabilities

Welcart e-Commerce < 2.1.1 - Authenticated SQL Injection

Description

The Welcart e-Commerce WordPress plugin, less than version 2.1.1 and possibly below, was vulnerable to authenticated SQLI Injection in the search[order_column][0] POST parameter of the "/wp-admin/admin.php?page=usces_orderlist" page.

Proof of Concept

Affects Plugins

Plugin icon
usc-e-shop
Fixed in 2.1.1

References

URL
https://plugins.trac.wordpress.org/changeset/2458780/usc-e-shop/trunk/classes/memberList.class.php

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.7 (medium)

Miscellaneous

Original Researcher
Erik David Martin
Verified
No
WPVDB ID
65e643c4-f55e-47bf-8ba3-136c54aff1b2

Timeline

Publicly Published
2021-02-08 (about 5 years ago)
Added
2021-02-08 (about 5 years ago)
Last Updated
2021-02-08 (about 5 years ago)

Other

Published
Title
Published
2023-10-30
Title
Jquery accordion slideshow < 8.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
Published
2025-05-01
Title
Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager < 4.89 - Unauthenticated SQL Injection
Published
2021-07-24
Title
Broken Link Manager <= 0.6.5 - Authenticated (admin+) SQL Injection
Published
2021-05-03
Title
Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection
Published
2024-11-08
Title
WP Contest <= 1.0.0 - Authenticated (Contributor+) SQL Injection