WordPress Plugin Vulnerabilities

Article Analytics <= 1.0 - Unauthenticated SQL injection

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
article-analytics
No known fix

References

CVE
CVE-2023-5640
URL
https://devl00p.github.io/posts/Injection-SQL-dans-le-plugin-Wordpress-Article-Analytics/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.2 (high)

Miscellaneous

Original Researcher
Nicolas Surribas
Submitter
Nicolas Surribas
Submitter website
https://devl00p.github.io/
Submitter twitter
devl00p
Verified
Yes
WPVDB ID
9a383ef5-0f1a-4894-8f78-845abcb5062d

Timeline

Publicly Published
2023-10-27 (about 2 years ago)
Added
2023-10-27 (about 2 years ago)
Last Updated
2023-10-31 (about 2 years ago)

Other

Published
Title
Published
2023-01-23
Title
WP Yelp Review Slider < 7.1 - Subscriber+ SQLi
Published
2022-12-05
Title
Contest Gallery < 19.1.5 - Admin+ SQL Injection
Published
2014-08-01
Title
ForumConverter - SQL Injection
Published
2015-03-13
Title
WooCommerce 2.3 - 2.3.5 - SQL Injection
Published
2025-01-24
Title
RSVP and Event Management Plugin < 2.7.15 - Authenticated (Administrator+) SQL Injection