WordPress Plugin Vulnerabilities

KNR Author List Widget < 3.0.0 - Unauthenticated SQL Injection

Description

The plugin does not sanitise and escape the listitem parameter before using it in a SQL statement in the knrAuthorListCustomSortSave.php file, leading to an unauthenticated SQL Injection

Proof of Concept

Affects Plugins

Plugin icon
knr-author-list-widget
Fixed in 3.0.0

References

Exploitdb
17791

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.3 (critical)

Miscellaneous

Original Researcher
Miroslav Stampar
Verified
Yes
WPVDB ID
f2497798-90dd-4f93-b6ff-31e02f8ca6fc

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2021-12-27 (about 4 years ago)

Other

Published
Title
Published
2014-08-01
Title
mTouch Quiz 3.0.6 - question.php quiz Parameter SQL Injection
Published
2015-10-09
Title
Limit Attempts < 1.1.1 - SQL Injection
Published
2023-01-19
Title
GiveWP < 2.24.1 - Unauthenticated SQLi
Published
2025-01-24
Title
Email Subscription Popup < 1.2.24 - Authenticated (Administrator+) SQL Injection
Published
2023-12-21
Title
E2Pdf < 1.20.24 - Authenticated(Administrator+) SQL Injection