17 matches found
WP AutoComplete 1.0.4 - Unauthenticated SQLi
Exploit Title: WP AutoComplete 1.0.4 - Unauthenticated SQLi Date: 30/06/2023 Exploit Author: Matin nouriyan matitanium Version: = 1.0.4 CVE: CVE-2022-4297 Vendor Homepage: https://wordpress.org/support/plugin/wp-autosearch/ Tested on: Kali linux --------------------------------------- The WP...
Ultimate Addons for Contact Form 7 < 3.1.24 - Unauthenticated SQLi
The plugin does not properly sanitise and escape the id and formid parameters before using them in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
CVE-2023-1020 Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
10WebMapBuilder < 1.0.73 - Unauthenticated SQLi
The plugin does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection Note: /2022/12/29/map/ is page/post where the GoogleMapsWD is embed POST /2022/12/29/map/ HTTP/1.1 Content-Type:...
Wordpress Paid Membership Pro code Unauthenticated SQLi
Paid Membership Pro, a WordPress plugin, prior to 2.9.8 is affected by an unauthenticated SQL injection via the code parameter. Remote attackers can exploit this vulnerability to dump usernames and password hashes from the wpusers table of the affected WordPress installation. These password hashe...
WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi
The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection Extract the nonce from the index page search for "wpautosearchconfig", look for the "nonce" field Invoke the following...
WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection PoC curl -isk -X 'POST' -H "Content-Type: application/json" --data '"sku":"a" AND SELECT 42 FROM SELECTSLEEP5wlHd--...
AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi
The plugin does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection To read the userlogin and userpass columns from the wpusers table:...
KiviCare < 2.3.9 - Unauthenticated SQLi
The plugin does not sanitise and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route, leading to SQL Injections exploitable by unauthenticated users PoC With at least one doctor created via the plugin: v 2.3.4 curl...
CP Image Store with Slideshow < 1.0.68 - Unauthenticated SQLi
The plugin does not sanitise and escape the orderingby query parameter before using it in a SQL statement in pages where the codepeople-image-store is embed, allowing unauthenticated users to perform an SQL injection attack On a page where the codepeople-image-store is embed, append the following...
CVE-2022-0657 5 Stars Rating Funnel < 1.2.53 - Unauthenticated SQLi
The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtnggdeleteleads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection...
Ubigeo de Peru < 3.6.4 - Unauthenticated SQLi
The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections curl https://example.com/wp-admin/admin-ajax.php \ --data...
Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi
The plugin does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection curl 'http://example.com/?restroute=/olistener/new' --data '"id":" SELECT SLEEP3"' -H 'content-type: application/json'...
Documentor <= 1.5.3 - Unauthenticated SQLi
The plugin fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users. curl https://example.com/wp-admin/admin-ajax.php --data 'action=docsearchresults&term=&docid=1 AND SELECT 628...
5 Stars Rating Funnel < 1.2.53 - Unauthenticated SQLi
Description The plugin does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtnggdeleteleads AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue. There is an attempt to sanitise the input, using...
NotificationX < 2.3.12 - Unauthenticated SQLi
The plugin does not validate and escape the id parameter in its notificationx/v1/notification REST endpoint before using it in a SQL statement, which could allow unauthenticated attackers to perform SQL Injection attacks. PoC The apikey is the md5 of the homeurl either with http or https protocol...
Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection Vulnerability
Exploit for windows platform in category remote exploits Exploit Title: Sysaid Helpdesk Software Unauthenticated SQLi Date: 28.11.2015 Exploit Author: hland Vendor Homepage: https://www.sysaid.com/ Version: v14.4.32 b25 Tested on: Windows 7, Windows 10 Blog post:...