Description

The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks

Related CPE's

a

sedlex

simple_quotation

*

*

*

*

*

wordpress

Vulnerable

References

https://wpscan.com/vulnerability/6940a97e-5a75-405c-be74-bedcc3a8ee00

ExploitThird Party Advisory

https://wpscan.com/vulnerability/6940a97e-5a75-405c-be74-bedcc3a8ee00

ExploitThird Party Advisory

Weaknesses

[email protected]

Secondary
CWE-89

[email protected]

Primary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-03-14T14:15:11.067Z

4 years ago

Last modified

2024-11-21T05:47:20.927Z

1 year ago