16 Jul 2019

Vulnerability Details: Authenticated SQL Injection in Web Librarian WP Plugin

Since we started monitoring CVE data on WordPress plugin vulnerabilities, what we have seen is that the quality of the data isn’t very good. That is again true of CVE-2019-1010034, which states that versions “3.5.2 and earlier” of Web Librarian WP Plugin contain a SQL injection vulnerability. The next version of the plugin, 3.5.3, was released in April of last year, which makes it seem odd that this report would be coming out now. The changelog for 3.5.3 is “Perform length check and truncation in WEBLIB_ItemInCollection::upload_csv().”, which doesn’t sound like it relates to the vulnerability mentioned, and the changes made in that version look unrelated.


[Read more]

11 Jul 2019

Vulnerability Details: Authenticated SQL Injection in FV Player

One of the changelog entries for the latest version of FV Player is “Security – fix for SQL injection vulnerability on the wp-admin FV Player screen for users with access”. Looking at the changes made, we found that an authenticated SQL injection vulnerability was fixed, though the code hasn’t been properly secured and there still may be related issues.


[Read more]

8 May 2019

Vulnerability Details: Authenticated SQL Injection in WP Booking System

The changelog for the latest version of WP Booking System is “Security Improvements”. Looking at the changes made, we found that this refers to fixing several SQL injection vulnerabilities, though not through the most ideal method, as they were fixed using the function esc_sql() instead of prepared statements. The vulnerabilities could have been exploited by logged-in WordPress users and through cross-site request forgery (CSRF).


[Read more]

3 Apr 2019

Vulnerability Details: Authenticated SQL Injection in Related Posts

After the plugin Related Posts was closed on Saturday, we noted it has a very serious settings change vulnerability that leads to persistent cross-site scripting (XSS). Something we have been interested in with recent likely-to-be-exploitable vulnerabilities, like that one, is getting a better understanding of whether these are fluke security issues in the plugins or whether the security of the plugins is rather poor in general. What we have been seeing is that the plugins have fallen into the latter category, but what we are also seeing is that these developers seem to be making coding mistakes and not testing the functionality they are changing, which should have flagged those mistakes for them.


[Read more]

20 Oct 2017

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Duplicate Page

Recently the security scanner service Detectify seems to have disclosed a number of unfixed reflected cross-site scripting (XSS) vulnerabilities in WordPress plugins that the developers may not have been notified of. We are still in the process of going through those, but so far we have found that not only had some of the developers not been notified, but Detectify also seems to have claimed that a vulnerability was fixed that was not fixed and claimed another vulnerability was fixed that didn’t exist. In the meantime they put out another post that seemed to be disclosing more vulnerabilities that exist in the current version of plugins, where the developers we have heard back from so far say they hadn’t been notified.


[Read more]

13 Apr 2017

Vulnerability Details: Authenticated SQL Injection Vulnerability in Gallery – Video Gallery

From time to time vulnerabilities are fixed in plugins without someone putting out a report on the vulnerability, and we will put out a post detailing the vulnerability. While putting out the details of the vulnerability increases the chances of it being exploited, it can also help to identify vulnerabilities that haven’t been fully fixed (in some cases not fixed at all) and help to identify additional vulnerabilities in the plugin.


[Read more]