WordPress Ultimate Form Builder Lite <= 1.3.7
A SQL injection vulnerability has been identified in the WordPress Ultimate Form Builder Lite plugin, affecting versions through 1.3.7. It allows authenticated attackers to manipulate database queries by injecting SQL via the entry_id POST parameter. Exploitation involves sending a POST request to the admin-ajax.php endpoint with the action set to ufbl_get_entry_detail_action.
Successful exploitation lets an attacker read or modify data in the WordPress database, or escalate privileges through it.
To reproduce this vulnerability, log into a WordPress site as an authenticated user with access to the Ultimate Form Builder Lite plugin. Send a POST request to the admin-ajax.php endpoint, including the entry_id parameter with injected SQL code, and specify the action as ufbl_get_entry_detail_action. This will trigger the SQL injection by manipulating the database query associated with the action.
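The defensive pattern for this class of flaw, as an added example and not code from the Ultimate Form Builder Lite plugin: a hypothetical admin-ajax handler that looks up an entry by entry_id. The function name, the wp_ajax_ hook name, the table name, the capability and the nonce action are all placeholders; the WordPress API calls (current_user_can, check_ajax_referer, absint, $wpdb->prepare, wp_send_json_*) are real. The point is that the untrusted POST value never reaches the SQL string as text: it is cast to an integer and then bound with %d.

```php
<?php
/*
 * Added example, not the plugin's own code.
 * Hardened AJAX handler for an "entry detail" lookup keyed by entry_id.
 * Placeholders: example_* names, 'manage_options', the nonce action and
 * the example_form_entries table.
 *
 * The pattern to avoid is interpolating the raw request value into SQL:
 *   $sql = "SELECT * FROM {$table} WHERE id = " . $_POST['entry_id'];
 * Anything the caller types becomes part of the query.
 */

add_action( 'wp_ajax_example_get_entry_detail', 'example_get_entry_detail' );

function example_get_entry_detail() {
    global $wpdb;

    // 1. Authentication alone is not authorization: the advisory's attacker
    //    is an authenticated user, so require the capability that actually
    //    governs form entries ('manage_options' stands in for it here).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 2. Require a valid nonce so the endpoint cannot be driven cross-site.
    //    Dies with a 403 on failure.
    check_ajax_referer( 'example_entry_detail_nonce', 'nonce' );

    // 3. entry_id is a row id: coerce to a non-negative integer, reject 0.
    //    "1 OR 1=1" becomes 1; "abc" becomes 0 and is rejected.
    $entry_id = isset( $_POST['entry_id'] )
        ? absint( wp_unslash( $_POST['entry_id'] ) )
        : 0;
    if ( 0 === $entry_id ) {
        wp_send_json_error( array( 'message' => 'Invalid entry_id' ), 400 );
    }

    // 4. Bind the value with %d. The table name comes from $wpdb->prefix
    //    (trusted, server-side), not from the request.
    $table = $wpdb->prefix . 'example_form_entries'; // placeholder table name
    $row   = $wpdb->get_row(
        $wpdb->prepare(
            "SELECT id, form_id, entry_data, created_at FROM {$table} WHERE id = %d",
            $entry_id
        ),
        ARRAY_A
    );

    if ( null === $row ) {
        wp_send_json_error( array( 'message' => 'Not found' ), 404 );
    }

    wp_send_json_success( $row );
}
```

Steps 1 and 2 are what keep a low-privilege authenticated account, the attacker profile named above, away from the query at all; step 4 is what makes the query safe even for callers who are allowed to reach it. Sites running the plugin at a version up to 1.3.7 should treat the ufbl_get_entry_detail_action endpoint as exposed until the plugin is updated.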