Ajax Load More < 5.3.2 - Authenticated SQL Injection



Description
The Ajax Load More WordPress plugin was vulnerable to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#&type=test.

The attacker needs to be authenticated with the edit_theme_options capability, which only administrators have by default.
Proof of Concept The PoC will be displayed on June 01, 2020, to give users the time to update.

Affects Plugin

References

ExploitDB 48475

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Nguyen Khanh
Submitter khanh
Views 999
Verified No
WPVDB ID 10230

Timeline

Publicly Published 2020-05-18 (9 days ago)
Added 2020-05-18 (9 days ago)
Last Updated 2020-05-20 (6 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin