Supsystic Pricing Table SQL Injection and Stored Cross-Site Scripting Vulnerabilities

Vulnerability

A SQL injection vulnerability has been identified in the Supsystic Pricing Table WordPress plugin, specifically in version 1.8.7. The vulnerability resides in the 'sidx' GET parameter, which is not properly sanitized, allowing unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. Additionally, the plugin has stored cross-site scripting vulnerabilities in the 'Edit name' and 'Edit HTML' fields, where injected scripts are executed when the pricing tables are viewed.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, potentially leading to database manipulation or disclosure. The stored cross-site scripting vulnerabilities enable the execution of malicious scripts in the context of the user viewing the pricing table.

Reproduction

To reproduce the SQL injection vulnerability, capture a request using a tool like Burp Suite or OWASP ZAP while searching for existing pricing tables. Save this request and use sqlmap to exploit the vulnerability by targeting the 'sidx' parameter. The stored cross-site scripting vulnerability can be reproduced by injecting a script payload into the 'Edit name' or 'Edit HTML' fields. Once the payload is saved, it will execute when the pricing table is viewed.
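As an added example, not part of this advisory or the plugin's own code, the following Python check scans constructed web-server access log lines for getListForTbl requests whose 'sidx' value is not one of a small assumed set of legitimate sort columns; the admin-ajax.php path, the column allowlist, and the log lines themselves are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log (Apache combined format). The advisory names only
# the action and the parameter; the admin-ajax.php endpoint is assumed here.
SAMPLE_LOG = """\
203.0.113.5 - - [16/May/2026:16:31:00 +0000] "GET /wp-admin/admin-ajax.php?action=getListForTbl&sidx=id&sord=asc HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [16/May/2026:16:31:02 +0000] "GET /wp-admin/admin-ajax.php?action=getListForTbl&sidx=id%27&sord=asc HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [16/May/2026:16:32:10 +0000] "GET /wp-admin/admin-ajax.php?action=getListForTbl&sidx=label&sord=desc HTTP/1.1" 200 480 "-" "Mozilla/5.0"
198.51.100.9 - - [16/May/2026:16:32:11 +0000] "GET /index.php?p=1 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Minimal parser for the fields the check needs: client IP, method, URL, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d+)'
)

# Assumed allowlist of columns a pricing-table listing would legitimately sort by.
# A sort parameter that is not a plain, known column name is the signal here.
ALLOWED_SIDX = {"id", "label", "created"}


def parse_line(line):
    """Return a dict with ip/method/url/status and the decoded query params, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["params"] = parse_qs(urlsplit(entry["url"]).query)
    return entry


def is_suspicious(entry):
    """True for a getListForTbl request whose 'sidx' is not an allowlisted column."""
    params = entry["params"]
    if params.get("action", [None])[0] != "getListForTbl":
        return False
    return any(value not in ALLOWED_SIDX for value in params.get("sidx", []))


def find_suspicious(log_text):
    """Return (client_ip, sidx_value) for every flagged line in the log text."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_suspicious(entry):
            hits.append((entry["ip"], entry["params"]["sidx"][0]))
    return hits


if __name__ == "__main__":
    for ip, sidx in find_suspicious(SAMPLE_LOG):
        print(f"suspicious sidx from {ip}: {sidx!r}")
```

In production the allowlist should be taken from the columns the patched plugin actually accepts, and the same rule can be expressed as a WAF or SIEM condition on the decoded 'sidx' value.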

Remediation

Users are advised to update to the patched version of the Supsystic Pricing Table WordPress plugin.

Added: May 16, 2026, 4:31 PM
Updated: May 16, 2026, 4:31 PM

Vulnerability Rating

Custom Algorithm
spread           3.4
impact           2.5
exploitability   9.7
remediation      0.0
relevance        8.2
threat           6.4
urgency          2.9
incentive        8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.