WPCOM Member SQL Injection Vulnerability in WordPress Plugin

A time-based SQL injection vulnerability has been identified in the WPCOM Member plugin for WordPress, affecting all versions through 1.7.6. The vulnerability arises from inadequate escaping of user-supplied data in the 'user_phone' parameter, allowing unauthenticated attackers to inject additional SQL commands into existing queries. This exploitation could lead to the unauthorized extraction of sensitive information from the database.

Impact

Exploitation of this vulnerability allows for time-based SQL injection, where an attacker can manipulate SQL queries to extract data from the database. This could include sensitive information such as user details or other private data stored in the database.

Reproduction

To reproduce this vulnerability, send a request to a vulnerable WordPress site with the WPCOM Member plugin installed, using the 'user_phone' parameter. The injected SQL payload can be crafted to exploit the time-based SQL injection vulnerability, such as by using SQL injection techniques that rely on timing attacks to extract information from the database.

Remediation

Users are advised to update the WPCOM Member plugin to version 1.7.7 or later, where this vulnerability has been patched.