WordPress Plugin Vulnerabilities

Custom Permalinks <= 1.1 - Authenticated SQL Injection

Description

Missing checking of user controllable input during Bulk Action in the Custom Permalinks backend page leads to SQL injection vulnerability.

Proof of Concept

Send authenticated POST request to "URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks" with parameters "action=delete&permalinks[]=1) PAYLOAD -- "

Affects Plugins

Plugin icon
custom-permalinks
Fixed in 1.2

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
Karim El Ouerghemmi
Submitter website
https://ripstech.com
Verified
No
WPVDB ID
a936fb4e-4380-4491-a0c6-77be69a1c789

Timeline

Publicly Published
2018-02-22 (about 6 years ago)
Added
2018-02-25 (about 6 years ago)
Last Updated
2018-02-25 (about 6 years ago)

Other

Published
Title
Published
2021-02-08
Title
Contact Form by Supsystic < 1.7.11 - Authenticated SQL Injections
Published
2018-01-10
Title
Testimonial Slider <= 1.2.4 - Authenticated SQL Injection
Published
2021-10-20
Title
Download Monitor < 4.4.5 - Admin+ SQL Injection
Published
2015-08-20
Title
Master Slider < 2.5.2 - Authenticated Blind SQL Injection
Published
2024-04-03
Title
Rehub < 19.6.2 - Authenticated (Subscriber+) SQL Injection