WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi

Description

The plugin does not properly sanitise and escape imported data before using them back SQL statements, leading to SQL injection exploitable by high privilege users such as admin

Proof of Concept

With the additional https://wordpress.org/plugins/polylang/ plugin installed, import a CSV with the following payload in the language_code column: en' union select if(user_login='wordpress',sleep(5),null) from wp_users#

Affects Plugins

wp-ultimate-csv-importer
Fixed in version 6.5.8

References

CVE
CVE-2022-3243

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

Sanjay Das

Submitter

Sanjay Das

Submitter website
https://p3n7a90n.github.io/
Submitter twitter
p3n7a90n
Verified

Yes

WPVDB ID
9f03bc1a-214f-451a-89fd-2cd3517e8f8a

Timeline

Publicly Published

2022-09-20 (about 6 months ago)

Added

2022-09-20 (about 6 months ago)

Last Updated

2022-09-20 (about 6 months ago)

Our Other Services

WPScan WordPress Security Plugin