
wpvulndb | Khanh | WPVDB-ID:1876312E-3DBA-4909-97A5-AFBB76FBC056
May 18, 2020 - 12:00 a.m.

Ajax Load More < 5.3.2 - Authenticated SQL Injection

2020-05-18 00:00:00
khanh
wpscan.com
10

The Ajax Load More WordPress plugin was vulnerable to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test. The attacker needs to be authenticated with the edit_theme_options capability, which only administrators have by default.
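A detection sketch for the request described above, added here as an example and not taken from the advisory or the plugin: it decodes logged POST bodies sent to admin-ajax.php and flags any repeater value that fails an allowlist. The allowlist pattern, the (method, path, body) record format and the EXAMPLE_ACTION placeholder are assumptions.

```python
import re
from urllib.parse import parse_qs

AJAX_PATH = "/wp-admin/admin-ajax.php"
# Assumption: legitimate repeater values are short template identifiers
# (letters, digits, underscore, hyphen). Tune this to the values your site uses.
SAFE_REPEATER = re.compile(r"[A-Za-z0-9_-]{1,64}")


def suspicious_repeater(method, path, body):
    """Return decoded repeater values in a POST body that fail the allowlist."""
    if method.upper() != "POST" or path.split("?", 1)[0] != AJAX_PATH:
        return []
    params = parse_qs(body)  # URL-decodes each form field
    return [v for v in params.get("repeater", [])
            if not SAFE_REPEATER.fullmatch(v)]


def scan(records):
    """Return (record index, offending value) for every flagged request."""
    return [(i, value)
            for i, (method, path, body) in enumerate(records)
            for value in suspicious_repeater(method, path, body)]


# Constructed sample requests: (method, path, URL-encoded form body).
# EXAMPLE_ACTION is a placeholder, not the plugin's real action name.
# The second record carries the parameter value quoted in the advisory.
SAMPLE = [
    ("POST", AJAX_PATH, "action=EXAMPLE_ACTION&repeater=default&type=test"),
    ("POST", AJAX_PATH,
     "action=EXAMPLE_ACTION&repeater=%27+or+sleep%285%29%23&type=test"),
    ("GET", "/wp-admin/admin-ajax.php?repeater=default", ""),
    ("POST", "/wp-login.php", "log=admin&pwd=x"),
]

if __name__ == "__main__":
    for idx, value in scan(SAMPLE):
        print(f"record {idx}: repeater fails allowlist: {value!r}")
```

Because the injection requires an authenticated session with edit_theme_options, a hit on this check is also a reason to review which account issued the request.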

PoC

https://drive.google.com/open?id=14YFYBUdMhYu1vvZrCd9QAhyZQv5rAwdm
https://asciinema.org/a/LRCzXVCkKrVlIkuLXNIKUQdhI

CPE Name | Operator | Version
ajax-load-more | lt | 5.3.2