Wow-Company Wow Viral Signups
cpe:2.3:a:wow-company:viral_signup:*:*:*:*:wordpress:*:*
- <= 2.1
A SQL injection vulnerability has been identified in the Wow Viral Signups WordPress plugin, specifically in version 2.1. The 'idsignup' POST parameter is not escaped, so an unauthenticated attacker can send crafted requests to the admin-ajax.php endpoint and inject SQL payloads that extract arbitrary data from the database.
Successful exploitation allows arbitrary data to be extracted from the database. If the web server is also misconfigured, the attacker may gain read and write access to the filesystem.
To reproduce this vulnerability, send a POST request to the 'wp-admin/admin-ajax.php' endpoint with the 'action' parameter set to 'mwp_signup_send'. Include the 'idsignup' parameter with a value that exploits the SQL injection vulnerability, such as '1' followed by a crafted SQL payload. The injection can be verified by using a tool like sqlmap to automate the exploitation process.
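As a stop-gap for sites still running an affected version, the following must-use plugin rejects any 'mwp_signup_send' request whose 'idsignup' is not a plain integer before the plugin's own handler runs. This is an added example, not code from the plugin or its vendor; the function name `example_guard_idsignup` is hypothetical, and it assumes a legitimate 'idsignup' is always a short positive decimal integer.

```php
<?php
/**
 * Plugin Name: Guard idsignup on mwp_signup_send (added example)
 * Install as wp-content/mu-plugins/guard-idsignup.php so it loads before regular plugins.
 */

// Assumption: a legitimate idsignup is a required, short, positive decimal integer.
function example_guard_idsignup() {
    $raw = isset( $_POST['idsignup'] ) ? wp_unslash( $_POST['idsignup'] ) : '';

    // Reject arrays (idsignup[]=...), empty values, and anything that is not pure digits.
    if ( ! is_string( $raw ) || ! ctype_digit( $raw ) || strlen( $raw ) > 10 ) {
        // Log the rejection so repeated probing shows up in the PHP error log.
        error_log( sprintf(
            'example_guard_idsignup: rejected mwp_signup_send request from %s',
            isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
        ) );
        // Sends a JSON error with HTTP 400 and terminates the request.
        wp_send_json_error( array( 'message' => 'Invalid idsignup' ), 400 );
    }

    // Normalise so the downstream handler only ever sees an integer string.
    $_POST['idsignup']    = (string) (int) $raw;
    $_REQUEST['idsignup'] = $_POST['idsignup'];
}

// Priority 0 runs ahead of handlers registered at the default priority (10),
// for both logged-in and unauthenticated callers of admin-ajax.php.
add_action( 'wp_ajax_mwp_signup_send', 'example_guard_idsignup', 0 );
add_action( 'wp_ajax_nopriv_mwp_signup_send', 'example_guard_idsignup', 0 );
```

The guard only constrains the input; the underlying query in the plugin remains unparameterized, so the rejection log is worth monitoring while an affected version stays installed.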