ProfileGrid WordPress Plugin Blind and Time-Based SQL Injection Vulnerability

Vulnerability

A vulnerability allowing blind and time-based SQL injection has been identified in the ProfileGrid – User Profiles, Groups and Communities plugin for WordPress. This issue affects all versions through 5.9.4.7. The vulnerability arises from inadequate escaping of user-supplied parameters in the rid and search fields, coupled with a lack of proper preparation of the SQL query. As a result, authenticated attackers with Subscriber-level access or higher can inject additional SQL queries into existing ones, potentially leading to the extraction of sensitive information from the database.

Impact

Exploitation of this vulnerability allows for blind and time-based SQL injection, where an attacker can manipulate SQL queries to extract sensitive data from the database.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request with crafted rid or search parameters that exploit the SQL injection flaw. The injected SQL can be designed to extract information from the database, taking advantage of the plugin's chat system functionality.

Remediation

Users are advised to update the ProfileGrid – User Profiles, Groups and Communities plugin to version 5.9.4.8 or a newer patched version.
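
The root cause described above (unescaped rid and search values placed in an unprepared query) is shown here as an added PHP example beside a hardened form. This is not ProfileGrid's code: the function, table and column names are hypothetical, and it assumes it runs inside WordPress with a wpdb instance passed in.

```php
<?php
// Added illustration, NOT ProfileGrid's source. Table, column and function
// names are hypothetical; only `rid` and `search` come from the advisory.

// Unsafe pattern of the kind the advisory describes: request values are
// concatenated into the SQL string, so they are parsed as SQL syntax.
function example_find_messages_unsafe( $wpdb, $request ) {
    $rid    = $request['rid'];
    $search = $request['search'];
    $table  = $wpdb->prefix . 'example_chat_messages'; // hypothetical table
    return $wpdb->get_results(
        "SELECT id, content FROM $table WHERE receiver_id = $rid AND content LIKE '%$search%'"
    );
}

// Hardened form: typed validation plus a prepared statement.
function example_find_messages_safe( $wpdb, $request ) {
    // rid is an identifier: accept it only as a positive integer.
    $rid = isset( $request['rid'] ) ? absint( $request['rid'] ) : 0;
    if ( 0 === $rid ) {
        return array();
    }

    // search is free text: undo WordPress slashing, strip tags and control
    // characters, then escape LIKE wildcards so % and _ match literally.
    $search = isset( $request['search'] )
        ? sanitize_text_field( wp_unslash( $request['search'] ) )
        : '';
    $like  = '%' . $wpdb->esc_like( $search ) . '%';
    $table = $wpdb->prefix . 'example_chat_messages'; // hypothetical table

    // %d and %s are escaped and quoted by $wpdb->prepare(), so the request
    // values stay data and never become part of the SQL syntax.
    $sql = $wpdb->prepare(
        "SELECT id, content FROM {$table} WHERE receiver_id = %d AND content LIKE %s",
        $rid,
        $like
    );
    return $wpdb->get_results( $sql );
}
```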

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 6.4
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.