WordPress Plugin Vulnerabilities

WP-Board <= 1.1 (beta) - Unauthenticated SQL Injection

Description

The options.php file of the plugin accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it takes 10 seconds to return since the query ran twice.

Proof of Concept

Affects Plugins

Plugin icon
wp-board
No known fix

References

CVE
CVE-2021-24404
URL
https://codevigilant.com/disclosure/2021/wp-plugin-wp-board/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.4 (critical)

Miscellaneous

Original Researcher
Syed Sheeraz Ali of Codevigilant
Verified
Yes
WPVDB ID
a86240e1-f064-4972-9f97-6b349fdd57f6

Timeline

Publicly Published
2021-08-22 (about 4 years ago)
Added
2021-08-23 (about 4 years ago)
Last Updated
2022-03-07 (about 3 years ago)

Other

Published
Title
Published
2021-12-15
Title
Post Grid < 2.1.13 - Contributor+ SQL Injection
Published
2023-10-02
Title
Most Popular Posts Widget < 0.9 - Admin+ SQL injection
Published
2014-08-01
Title
WP Realty - MySQL Time Based Injection
Published
2024-10-31
Title
Easy Gallery <= 1.4 - Authenticated (Contributor+) SQL Injection
Published
2014-08-01
Title
WordPress <= 1.5.1.1 - "add new admin" SQL Injection