Vendor: Another Wordpress Classifieds Plugin
By: dill
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Another Wordpress Classifieds Plugin
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2014

Another WordPress Classifieds Plugin SQL Injection and Cross-Site Scripting

The “keywordphrase” parameter is susceptible to time-based blind SQL injection when searching for classifieds. The issue can be exploited with sqlmap by copying the POST request to a text file and running the sqlmap command against it.

Mitigation:

Validate and sanitize the “keywordphrase” parameter to prevent SQL injection.
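
One way to apply this mitigation in a WordPress plugin, shown as an added example that is neither the plugin's own code nor its patch: the search term is validated, its LIKE wildcards are escaped, and the value is bound through `$wpdb->prepare()` instead of being concatenated into the SQL string. The function name, the `example_ads` table and its columns are hypothetical.

```php
<?php
/**
 * Added example, not the plugin's code. Runs inside WordPress (uses $wpdb).
 * Hypothetical names: example_search_classifieds(), the example_ads table
 * and its ad_id / ad_title / ad_details columns.
 */
function example_search_classifieds() {
    global $wpdb;

    // 1. Validate: read the POST field and undo the slashes WordPress adds.
    $raw = isset( $_POST['keywordphrase'] ) ? wp_unslash( $_POST['keywordphrase'] ) : '';
    if ( ! is_string( $raw ) ) {
        return array(); // keywordphrase[] submitted as an array: reject
    }

    // Strip tags and control characters, then cap the length.
    $phrase = mb_substr( sanitize_text_field( $raw ), 0, 100 );
    if ( '' === $phrase ) {
        return array();
    }

    // 2. Escape LIKE wildcards (% and _) so user input matches literally.
    $like = '%' . $wpdb->esc_like( $phrase ) . '%';

    // 3. Bind the value with %s placeholders. The search term never becomes
    //    part of the SQL text, so quotes or SQL keywords in it stay data.
    //    The table name is built from trusted values only.
    $table = $wpdb->prefix . 'example_ads';
    $sql   = $wpdb->prepare(
        "SELECT ad_id, ad_title FROM {$table}
         WHERE ad_title LIKE %s OR ad_details LIKE %s
         LIMIT 50",
        $like,
        $like
    );

    return $wpdb->get_results( $sql );
}
```

The sanitization step narrows what the query receives, but the bound placeholder is what stops the injection; when rendering the results, escape output with `esc_html()` to address the cross-site scripting half of the advisory title.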

Exploit-DB raw data: