WordPress Plugin Vulnerabilities
uListing < 1.7 - Unauthenticated SQL Injections
Description
The /1/api/ulisting-page-statistics/listing REST route did not sanitise or escape the listing_id and user_id GET parameters before using them in a SQL statement, leading to an SQL Injection issue.
The plugin also did not sanitise or escape the HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR headers, which are then used in a SQL statement. As these headers can be spoofed/forged by the client, unauthenticated users could perform SQL Injection through them as well.
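The two defects described above (raw GET parameters, and client-controlled IP headers, concatenated into SQL) are shown here as an added illustrative example next to a hardened version. This is not the uListing plugin's own code: the `ulisting_demo_*` function names, the `ulisting-demo/v1` namespace, the table suffix and the trusted-proxy address are assumptions made for the example; only the `/ulisting-page-statistics/listing` path comes from the advisory.

```php
<?php
// Added example, not the plugin's code. All ulisting_demo_* names, the REST
// namespace and the stats table are assumptions for illustration.

// Vulnerable pattern from the advisory: GET parameters and forwarding headers
// are interpolated straight into the statement, so the SQL parser sees
// whatever the client sent.
function ulisting_demo_vulnerable_stats( WP_REST_Request $request ) {
    global $wpdb;
    $listing_id = $_GET['listing_id'];
    $user_id    = $_GET['user_id'];
    // HTTP_CLIENT_IP / HTTP_X_FORWARDED_FOR are set by the sender or any proxy
    // on the way; they are untrusted input just like a query parameter.
    $ip = isset( $_SERVER['HTTP_CLIENT_IP'] ) ? $_SERVER['HTTP_CLIENT_IP']
        : ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'] );

    $table = $wpdb->prefix . 'ulisting_demo_stats';
    $wpdb->query( "INSERT INTO {$table} (listing_id, user_id, ip) VALUES ({$listing_id}, {$user_id}, '{$ip}')" );
    return rest_ensure_response( array( 'ok' => true ) );
}

// Hardened form: coerce the ids to integers, validate the IP, and let
// $wpdb->prepare() build the statement so no raw input reaches the parser.
function ulisting_demo_hardened_stats( WP_REST_Request $request ) {
    global $wpdb;
    $listing_id = absint( $request->get_param( 'listing_id' ) );
    $user_id    = absint( $request->get_param( 'user_id' ) );
    if ( 0 === $listing_id ) {
        return new WP_Error( 'invalid_listing', 'listing_id must be a positive integer', array( 'status' => 400 ) );
    }
    $table = $wpdb->prefix . 'ulisting_demo_stats';
    $wpdb->query( $wpdb->prepare(
        "INSERT INTO {$table} (listing_id, user_id, ip) VALUES (%d, %d, %s)",
        $listing_id,
        $user_id,
        ulisting_demo_client_ip()
    ) );
    return rest_ensure_response( array( 'ok' => true ) );
}

// Resolve the client address. A forwarding header is honoured only when the
// TCP peer is a trusted proxy, and the chosen value must parse as an IP;
// otherwise fall back to REMOTE_ADDR, which the client cannot forge.
function ulisting_demo_client_ip() {
    $trusted_proxies = array( '10.0.0.5' ); // assumption: address of your reverse proxy
    $remote = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    if ( in_array( $remote, $trusted_proxies, true ) && ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
        // The trusted proxy appends the address that connected to it, so the
        // rightmost entry is the only one it vouches for.
        $chain = array_map( 'trim', explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] ) );
        $valid = filter_var( end( $chain ), FILTER_VALIDATE_IP );
        if ( false !== $valid ) {
            return $valid;
        }
    }
    $valid = filter_var( $remote, FILTER_VALIDATE_IP );
    return false !== $valid ? $valid : '0.0.0.0';
}

// Schema-level validation rejects non-numeric ids before the callback runs.
function ulisting_demo_is_positive_int( $value ) {
    return is_numeric( $value ) && (int) $value > 0 && (string) (int) $value === (string) $value;
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'ulisting-demo/v1', '/ulisting-page-statistics/listing', array(
        'methods'             => 'GET',
        'callback'            => 'ulisting_demo_hardened_stats',
        // Public endpoint, which is exactly why input validation carries the load.
        'permission_callback' => '__return_true',
        'args'                => array(
            'listing_id' => array( 'required' => true,  'validate_callback' => 'ulisting_demo_is_positive_int' ),
            'user_id'    => array( 'required' => false, 'validate_callback' => 'ulisting_demo_is_positive_int' ),
        ),
    ) );
} );
```

Two points are worth checking in any similar endpoint: every value placed in the query goes through `$wdb->prepare()` placeholders (`%d`, `%s`) rather than string interpolation, and `HTTP_X_FORWARDED_FOR` / `HTTP_CLIENT_IP` are treated as attacker-supplied unless the connecting peer is a proxy you control. In the hardened version the vulnerable function is never registered; it is kept only to show the pattern the advisory describes.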
Affects Plugins
References
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Jerome Bruandet
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-01-28 (about 3 years ago)
Added
2021-01-28 (about 3 years ago)
Last Updated
2023-06-08 (about 11 months ago)