Conversios WordPress Plugin SQL Injection Vulnerability in Google Tag Manager Integration

Vulnerability

A time-based (blind) SQL injection vulnerability has been identified in the Conversios plugin for WordPress, the Google Analytics 4 (GA4), Meta Pixel and Google Tag Manager integration for WooCommerce. All versions up to and including 7.0.7 are affected. The flaw is in the 'ee_syncProductCategory' function: the values of the 'conditionData', 'valueData', 'productArray', 'exclude' and 'include' parameters are built into an SQL query without adequate escaping and without a prepared statement, so an authenticated attacker with Subscriber-level access or higher can append their own SQL to the query the function already runs. Because the injection is time-based, nothing from the query is echoed back to the caller; the attacker infers database contents from how long the response takes, which is slower than an error- or union-based injection but still allows extraction of sensitive information from the database.

Impact

Successful exploitation allows an authenticated user with no more than Subscriber privileges to run time-based SQL injection against the site's database. The practical result is unauthorized read access to anything the WordPress database account can see (for example user records and password hashes in the users table, and WooCommerce customer and order data), extracted one true/false answer at a time, and potentially, depending on the query and the database account's privileges, data manipulation.

Reproduction

An authenticated user with Subscriber access sends the request that invokes 'ee_syncProductCategory' with crafted values in the 'conditionData', 'valueData', 'productArray', 'exclude' and 'include' parameters. Because the function concatenates these values into its SQL rather than binding them through a prepared statement, the crafted values are parsed and executed as part of the query. Nothing from the query is returned to the caller, so the confirmation signal is response latency: a payload that makes the database pause produces a measurably slower response only when the injected condition is true, and that timing difference is what an attacker uses to read data and what a tester uses to verify the injection before and after patching. When testing, repeat each timed request several times and compare against an untampered baseline request, since network jitter on a busy site can otherwise produce false positives.

Remediation

Users are advised to update the Conversios WordPress plugin to version 7.0.8 or later, where this vulnerability has been patched, and to confirm the installed version afterwards. Until the update is applied, keep in mind that Subscriber-level access is enough to exploit the issue: on sites with open registration (Settings > General, "Anyone can register") any visitor can obtain that role, so disabling open registration and reviewing recently created accounts reduces exposure. It is also worth reviewing web server logs for requests that invoke this function with unusually long response times, or with SQL keywords such as SLEEP or BENCHMARK in the 'conditionData', 'valueData', 'productArray', 'exclude' or 'include' values, which would indicate exploitation attempts made before the update.
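The vulnerable and hardened forms of such a query, as an added example that is not the plugin's own code and does not reproduce the real 'ee_syncProductCategory' implementation. The function names, the '_sku' meta key, the 'eq'/'ne'/'contains' condition names, the nonce action, the AJAX action name and the 'manage_woocommerce' capability check are all assumptions made for this example; only the five parameter names are taken from the advisory.

```php
<?php
/**
 * Added example, not code from the Conversios plugin. It shows the pattern the
 * advisory describes (request values concatenated into SQL) next to the
 * prepared-statement form. Function names, the _sku meta key, the condition
 * names, the nonce action, the AJAX action and the capability check are
 * assumptions; the real ee_syncProductCategory() query is not reproduced.
 */

// VULNERABLE PATTERN: every request value lands in the query string as-is, so a
// payload in any of the five parameters (for example a condition that makes the
// database sleep) is executed as SQL. Assumes non-empty id lists for brevity.
function example_sync_products_vulnerable( $condition, $value, $product_array, $exclude, $include ) {
    global $wpdb;

    $ids = array_merge( (array) $product_array, (array) $include );
    $sql = "SELECT p.ID FROM {$wpdb->posts} p"
         . " INNER JOIN {$wpdb->postmeta} m ON m.post_id = p.ID AND m.meta_key = '_sku'"
         . " WHERE p.post_type = 'product'"
         . " AND m.meta_value {$condition} '{$value}'"
         . ' AND p.ID IN (' . implode( ',', $ids ) . ')'
         . ' AND p.ID NOT IN (' . implode( ',', (array) $exclude ) . ')';

    return $wpdb->get_col( $sql ); // no prepare(), no escaping
}

// HARDENED PATTERN: the operator comes from an allow-list, the value is bound
// with %s, and every id is cast to an integer and bound with its own %d.
function example_sync_products_hardened( $condition, $value, $product_array, $exclude, $include ) {
    global $wpdb;

    $operators = array( 'eq' => '=', 'ne' => '<>', 'contains' => 'LIKE' );
    if ( ! isset( $operators[ $condition ] ) ) {
        return new WP_Error( 'bad_condition', 'Unknown condition.' );
    }
    $operator = $operators[ $condition ];

    $value = sanitize_text_field( wp_unslash( (string) $value ) );
    if ( 'LIKE' === $operator ) {
        // esc_like() neutralises % and _ so the caller cannot widen the match.
        $value = '%' . $wpdb->esc_like( $value ) . '%';
    }

    // Cast each element to a non-negative integer, drop zeros and duplicates.
    $to_ids = function ( $list ) {
        return array_values( array_unique( array_filter( array_map( 'absint', (array) $list ) ) ) );
    };
    $ids      = $to_ids( array_merge( (array) $product_array, (array) $include ) );
    $excluded = $to_ids( $exclude );
    if ( empty( $ids ) ) {
        return array();
    }

    // One %d placeholder per id, so prepare() binds every element separately.
    $sql  = "SELECT p.ID FROM {$wpdb->posts} p"
          . " INNER JOIN {$wpdb->postmeta} m ON m.post_id = p.ID AND m.meta_key = '_sku'"
          . " WHERE p.post_type = 'product'"
          . " AND m.meta_value {$operator} %s"
          . ' AND p.ID IN (' . implode( ',', array_fill( 0, count( $ids ), '%d' ) ) . ')';
    $args = array_merge( array( $value ), $ids );

    if ( ! empty( $excluded ) ) {
        $sql .= ' AND p.ID NOT IN (' . implode( ',', array_fill( 0, count( $excluded ), '%d' ) ) . ')';
        $args = array_merge( $args, $excluded );
    }

    // $wpdb->prepare() accepts the argument list as a single array.
    return $wpdb->get_col( $wpdb->prepare( $sql, $args ) );
}

// Hypothetical AJAX entry point: a nonce and a capability check sit in front of
// the query, so a Subscriber account cannot reach it at all.
function example_sync_products_ajax() {
    check_ajax_referer( 'example_sync_products', 'nonce' );
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $result = example_sync_products_hardened(
        isset( $_POST['conditionData'] ) ? sanitize_key( wp_unslash( $_POST['conditionData'] ) ) : '',
        isset( $_POST['valueData'] ) ? $_POST['valueData'] : '',
        isset( $_POST['productArray'] ) ? (array) $_POST['productArray'] : array(),
        isset( $_POST['exclude'] ) ? (array) $_POST['exclude'] : array(),
        isset( $_POST['include'] ) ? (array) $_POST['include'] : array()
    );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 400 );
    }
    wp_send_json_success( $result );
}
add_action( 'wp_ajax_example_sync_products', 'example_sync_products_ajax' );
```

Two points in the hardened form carry the weight. A list of ids cannot be bound with a single placeholder, so the standard WordPress idiom is to generate one %d per element with array_fill() and pass the ids as the argument array; and a comparison operator cannot be bound at all, so it must be mapped from a fixed allow-list rather than accepted from the request. If a column or table name were ever user-controlled, WordPress 6.2 and later also provide the %i identifier placeholder for prepare(), which is the only safe way to bind that.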

Added: May 15, 2026, 8:16 AM
Updated: May 15, 2026, 8:16 AM

Vulnerability Rating

Custom Algorithm
spread          1.0
impact          2.5
exploitability  6.4
remediation     7.7
relevance       0.0
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.