The Ultimate WordPress Toolkit WP Extended Unauthenticated SQL Injection Vulnerability

A time-based SQL injection vulnerability has been identified in The Ultimate WordPress Toolkit - WP Extended plugin, affecting all versions through 3.0.12. The vulnerability arises in the Login Attempts module, where insufficient escaping of user-supplied data allows unauthenticated attackers to inject additional SQL queries. This exploitation could lead to the extraction of sensitive information from the database.

Impact

Exploitation of this vulnerability allows for time-based SQL injection, where an attacker can manipulate SQL queries to extract data from the database. In this case, the vulnerability could be used to access sensitive information such as usernames, IP addresses, and other personal data stored in the WordPress database.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the WordPress site with the Login Attempts module active. The request must include unsanitized data that can be injected into the SQL query handling login attempts. This can be done by exploiting the authentication process, where the injected SQL could be used to manipulate database queries related to login attempts.

Remediation

Users are advised to update the plugin to version 3.0.13 or later, where this vulnerability has been patched.