Design Import/Export WordPress Plugin SQL Injection Vulnerability

A SQL injection vulnerability has been identified in the Design Import/Export plugin for WordPress, affecting all versions through 2.2. The issue arises from inadequate escaping of user-supplied data and insufficient preparation of SQL queries in the XML file import feature. This vulnerability allows authenticated attackers with administrator-level access to inject additional SQL commands into existing queries, potentially leading to the extraction of sensitive information from the database.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to access or modify database information. In this case, it could be used to extract sensitive data from the database.

Reproduction

To reproduce this vulnerability, an authenticated user with administrator privileges can upload an XML file through the WordPress import feature. The uploaded file should contain crafted data that exploits the SQL injection vulnerability in the importer's SQL query handling. Once the file is imported, the injected SQL commands can be executed, leading to unauthorized database access or data manipulation.

Remediation

Users are advised to update the Design Import/Export plugin to version 2.3 or later, where this vulnerability has been patched.