Simple Downloads List WordPress Plugin SQL Injection Vulnerability

A SQL injection vulnerability has been identified in the Simple Downloads List plugin for WordPress, affecting all versions through 1.4.2. The issue arises from inadequate escaping of user-supplied parameters in the 'category' attribute of the 'neofix_sdl' shortcode, coupled with a lack of proper preparation for the existing SQL query. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject additional SQL queries into the application's database queries. Exploitation of this vulnerability could lead to unauthorized access to sensitive information stored in the database.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries to extract sensitive information from the database.

Reproduction

To reproduce this vulnerability, an authenticated user with Contributor-level access or higher can use the 'neofix_sdl' shortcode and include a crafted 'category' parameter that exploits the SQL injection flaw. The injected SQL can be used to extract data from the database, taking advantage of the plugin's insufficient input sanitization and query preparation.

Remediation

Users are advised to update the Simple Downloads List plugin to version 1.4.3 or later, where this vulnerability has been patched.