Vendor: Ultimate Form Builder Lite Plugin
By: defensecode
CVSS: 8.8 (HIGH)
Vulnerability Type: SQL Injection
CWE: 89
Product Name: Ultimate Form Builder Lite Plugin
Affected Version From: 1.3.7 and below
Affected Version To: 1.3.7
Patch Exists: YES
Related CWE: N/A
CPE: a:wordpress:ultimate_form_builder_lite_plugin
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2018
WordPress Ultimate Form Builder Lite Plugin < 1.3.7 - SQL Injection
The easiest way to reproduce the SQL injection vulnerability is to visit the provided URL while logged in as an administrator or as another user who is authorized to access the plugin settings page. Users without full administrative privileges could abuse the database access the vulnerability provides either to escalate their privileges or to read and modify database contents they were not supposed to be able to access.
Vulnerable Function: $wpdb->get_row()
Vulnerable Variable: $_POST['entry_id']
Vulnerable URL: http://vulnerablesite.com/wp-admin/admin-ajax.php
Vulnerable POST body: entry_id=ExploitCodeHere&_wpnonce=xxx&action=ufbl_get_entry_detail_action
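To illustrate the pattern behind this finding, the following is an added example written for this page, not the plugin's own code: an admin-ajax handler that concatenates a POST parameter straight into $wpdb->get_row(), shown beside a hardened version that verifies the nonce and the caller's capability, coerces the value to an integer and binds it through $wpdb->prepare(). The table name, nonce action and function names are hypothetical.

```php
<?php
// Added illustrative example, not the plugin's own code.
// Table name, nonce action and function names are hypothetical.

// Vulnerable pattern: the raw POST value becomes part of the SQL string.
function example_get_entry_detail_vulnerable() {
    global $wpdb;
    $entry_id = $_POST['entry_id'];
    $row = $wpdb->get_row(
        "SELECT * FROM {$wpdb->prefix}example_form_entries WHERE entry_id = " . $entry_id
    );
    wp_send_json( $row );
}

// Hardened pattern: check the nonce and capability first, then cast the
// value to an integer and let $wpdb->prepare() bind it as %d.
function example_get_entry_detail_fixed() {
    global $wpdb;
    // Dies with a 403 response if the _wpnonce value does not verify.
    check_ajax_referer( 'example_entry_nonce', '_wpnonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $entry_id = isset( $_POST['entry_id'] ) ? absint( $_POST['entry_id'] ) : 0;
    if ( 0 === $entry_id ) {
        wp_send_json_error( 'invalid entry_id', 400 );
    }
    $row = $wpdb->get_row(
        $wpdb->prepare(
            "SELECT * FROM {$wpdb->prefix}example_form_entries WHERE entry_id = %d",
            $entry_id
        )
    );
    wp_send_json_success( $row );
}

// Register only the hardened handler for logged-in AJAX requests.
add_action( 'wp_ajax_example_get_entry_detail', 'example_get_entry_detail_fixed' );
```

The capability check matters independently of the query fix: a valid nonce only proves the request came from a page the user loaded, not that the user should be reading form entries.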
Mitigation:
Update to the latest version of the WordPress Ultimate Form Builder Lite plugin (1.3.7 or higher)