Source: wpexploit (Fourcade)
WPEX-ID: ECB74622-EEED-48B6-A944-4E3494D6594D
History: Apr 04, 2024 - 12:00 a.m.

WP Advanced Search <= 1.1.6 - Admin+ SQL Injection

Published: 2024-04-04 00:00:00
Author: fourcade
Tags: wordpress, advanced search, sql injection, admin, exploit, security update

AI Score: 7.8 High (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 9.1%)

Description: The plugin does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL injection attacks in the context of a multisite WordPress configuration.

1. Log in as an administrator
2. Visit /wp-admin/admin.php?page=advance-search and create a new shortcode
3. In the "Post Type" section, fill the "List of Post Meta Keys" field with the following PoC:

', data=(SELECT sleep(10) FROM wp_users)-- a

4. Save the shortcode, and notice that the request takes a long time to finish, indicating that our `sleep(10)` instruction executed in the context of an SQL query.
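The bug class behind steps 1 to 4, as an added example that is not the WP Advanced Search plugin's own code: a saved shortcode setting (the "List of Post Meta Keys" field) spliced into SQL unescaped, beside a hardened version that allow-lists each key and lets `$wpdb->prepare()` quote the values. The `WpdbStub` class is an assumption so the file runs outside WordPress; in a plugin you would use the global `$wpdb`.

```php
<?php
// Added example, not the plugin's code. WpdbStub imitates only the part of $wpdb used
// here (prepare() quotes every %s argument) so the script runs without WordPress.
class WpdbStub {
    public string $postmeta = 'wp_postmeta';
    public function prepare(string $query, ...$args): string {
        $quoted = array_map(fn($a) => "'" . addslashes((string) $a) . "'", $args);
        return vsprintf($query, $quoted);
    }
}

// Vulnerable pattern (the advisory's bug): the setting is spliced straight into the
// query, so a value containing a quote ends the string literal and the rest runs as SQL.
function meta_keys_clause_vulnerable(WpdbStub $wpdb, string $setting): string {
    $list = "'" . str_replace(',', "','", $setting) . "'";
    return "SELECT post_id FROM {$wpdb->postmeta} WHERE meta_key IN ($list)";
}

// Hardened pattern: allow-list each key, build one %s placeholder per key and let
// prepare() quote them. A setting saved by a site admin is still untrusted input,
// particularly on multisite where a site admin is not a super admin.
function meta_keys_clause_safe(WpdbStub $wpdb, string $setting): ?string {
    $keys = array_values(array_filter(array_map('trim', explode(',', $setting)), 'strlen'));
    if ($keys === []) {
        return null;
    }
    foreach ($keys as $key) {
        // Reject the whole setting on any bad key instead of trying to "clean" it.
        if (!preg_match('/^[A-Za-z0-9_\-]{1,255}$/', $key)) {
            return null;
        }
    }
    $placeholders = implode(', ', array_fill(0, count($keys), '%s'));
    return $wpdb->prepare(
        "SELECT post_id FROM {$wpdb->postmeta} WHERE meta_key IN ($placeholders)",
        ...$keys
    );
}

$wpdb    = new WpdbStub();
$benign  = 'price, color';                                    // constructed sample setting
$hostile = "', data=(SELECT sleep(10) FROM wp_users)-- a";    // the advisory's PoC string

echo meta_keys_clause_vulnerable($wpdb, $hostile), "\n";  // quote breaks out of the literal
echo meta_keys_clause_safe($wpdb, $benign), "\n";         // ... IN ('price', 'color')
var_dump(meta_keys_clause_safe($wpdb, $hostile));         // NULL: setting rejected
```

The same allow-list check belongs in the option's sanitize callback at save time, so a rejected value never reaches the database in the first place.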
