Simply Poll WordPress Plugin SQL Injection Vulnerability

A SQL injection vulnerability has been identified in the Simply Poll WordPress plugin, specifically in version 1.4.1. This vulnerability allows unauthenticated attackers to inject SQL code through the 'pollid' POST parameter, enabling them to execute arbitrary SQL queries and extract sensitive data from the WordPress database. The exploitation involves sending requests to the admin-ajax.php endpoint with the 'spAjaxResults' action and malicious 'pollid' values.

Impact

Exploitation of this vulnerability allows for arbitrary SQL query execution, potentially leading to unauthorized data extraction from the WordPress database. If the web server is misconfigured, there may also be read and write access to the filesystem.

Reproduction

To reproduce this vulnerability, send a POST request to the 'wp-admin/admin-ajax.php' endpoint. Include the 'action' parameter set to 'spAjaxResults' and the 'pollid' parameter with a value that will trigger the SQL injection. The vulnerability can be exploited using tools like sqlmap, which can automate the injection and extraction of database information.