WordPress Form Maker Plugin SQL Injection Vulnerability

A SQL injection vulnerability has been identified in the WordPress Form Maker Plugin, specifically in versions through 1.12.24. This vulnerability allows authenticated attackers to manipulate database queries by injecting malicious SQL payloads. Exploitation can be achieved through the FormMakerSQLMapping and generete_csv actions, using the name and search_labels parameters to extract, modify, or escalate privileges within the WordPress database.

Impact

Exploitation of this vulnerability allows for unauthorized database access, where attackers can execute arbitrary SQL commands. This could lead to extraction or modification of database information, and in some cases, escalation of privileges within the WordPress site.

Reproduction

To reproduce this vulnerability, log into a WordPress site as an authenticated user with access to the Form Maker Plugin settings. Then, send a POST request to 'wp-admin/admin-ajax.php' with the 'action' parameter set to 'FormMakerSQLMapping' or 'generete_csv'. Include a crafted SQL payload in the 'name' or 'search_labels' parameters. The injected SQL will be executed by the database, allowing manipulation of database contents or privileges.