WordPress Plugin Vulnerabilities

Membership by Supsystic <= 1.5.0 - Authenticated SQL Injection

Description

The GET parameter "sidx" and "search are used in a SQL statement without being sanitised when searching for badges in the dashboard, leading to authenticated SQL Injection issues.

v1.4.8 attempted a fix, which was found to not be sufficient

Proof of Concept

The PoC will be displayed once the issue has been remediated

Affects Plugins

membership-by-supsystic

No known fix - plugin closed

References

ExploitDB

49540

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

Erik David Martin

Verified

Yes

WPVDB ID

9c847b3e-f628-4fec-8c57-dec301362acd

Timeline

Publicly Published

2021-02-08 (about 2 years ago)

Added

2021-02-08 (about 2 years ago)

Last Updated

2021-02-09 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin