WordPress Plugin Vulnerabilities

Ad Invalid Click Protector (AICP) < 1.2.6 - Authenticated SQL Injection

Description

The plugin is affected by a SQL Injection in the id parameter of the delete action.

Proof of Concept

Affects Plugins

Plugin icon
ad-invalid-click-protector
Fixed in 1.2.6

References

CVE
CVE-2022-0190

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
ae322f11-d8b4-4b69-9efa-0fb87475fa44

Timeline

Publicly Published
2022-01-14 (about 3 years ago)
Added
2022-01-14 (about 3 years ago)
Last Updated
2022-04-12 (about 3 years ago)

Other

Published
Title
Published
2021-08-22
Title
The Sorter <= 1.0 - Authenticated SQL Injection
Published
2025-03-31
Title
History Log by click5 <= 1.0.13 - Unauthenticated SQL Injection
Published
2022-02-11
Title
Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection
Published
2023-10-30
Title
Message ticker < 9.3 - Authenticated (Subscriber+) SQL Injection via Shortcode
Published
2021-08-22
Title
GSEOR <= 1.3 - Authenticated SQL Injection