WordPress Newsletters Plugin SQL Injection Vulnerability in Orderby Parameter

A time-based SQL injection vulnerability has been identified in the Newsletters plugin for WordPress, affecting versions through 4.9.9.8. The vulnerability arises from inadequate escaping of user-supplied data in the 'orderby' parameter, allowing authenticated attackers with Contributor-level access or higher to inject additional SQL queries. This exploitation could lead to the extraction of sensitive information from the database.

Impact

Exploitation of this vulnerability allows for authenticated SQL injection, which could be used to manipulate database queries and extract confidential data.

Reproduction

To reproduce this vulnerability, an authenticated user with Contributor-level access or higher can send a request to a WordPress site with the Newsletters plugin active. The request must include the 'orderby' parameter with a value that is not properly sanitized, such as one that could inject malicious SQL. This can be done by exploiting a shortcode that uses the 'orderby' parameter, such as the 'newsletters_posts' shortcode.

Remediation

Users are advised to update the Newsletters plugin to version 4.9.9.9 or later, where this vulnerability has been patched.