CleverReach WP SQL Injection Vulnerability in Title Parameter
Vulnerability
A time-based SQL injection vulnerability has been identified in the CleverReach WP plugin for WordPress, affecting all versions up to and including 1.5.20. The vulnerability arises from inadequate escaping of user-supplied data in the 'title' parameter, coupled with a lack of proper preparation in the SQL query. This flaw allows unauthenticated attackers to inject additional SQL commands into existing queries, potentially leading to the extraction of sensitive information from the database.
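The bug class described above, shown next to its corrected form. This is an added illustration, not the CleverReach WP source: the function names, the query against `$wpdb->posts`, and the assumption that `$title` arrives already decoded from the request are all hypothetical.

```php
<?php
// Added illustration only. Hypothetical function names and query; this is
// not code from the plugin. $title is assumed to be the decoded 'title'
// value taken from the incoming request.

/**
 * Vulnerable pattern: the request value is concatenated into the SQL text.
 * With no escaping and no prepare(), the contents of $title become part of
 * the statement, so the caller controls query structure, not just data.
 */
function example_article_search_vulnerable( wpdb $wpdb, $title ) {
    $sql = "SELECT ID, post_title FROM {$wpdb->posts}
            WHERE post_status = 'publish'
              AND post_title LIKE '%" . $title . "%'";
    return $wpdb->get_results( $sql );
}

/**
 * Hardened pattern: the value is bound through a %s placeholder, so it is
 * always treated as a string literal, and LIKE wildcards in the input are
 * neutralised with esc_like() before the surrounding % signs are added.
 */
function example_article_search_hardened( wpdb $wpdb, $title ) {
    // Reject arrays and other non-string input outright.
    if ( ! is_string( $title ) ) {
        return array();
    }
    $title = sanitize_text_field( $title );

    // esc_like() escapes %, _ and \ only; prepare() does the SQL quoting.
    $like = '%' . $wpdb->esc_like( $title ) . '%';

    $sql = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_status = 'publish'
           AND post_title LIKE %s
         LIMIT 20",
        $like
    );
    return $wpdb->get_results( $sql );
}
```

Both functions need a loaded WordPress environment, since `wpdb`, `sanitize_text_field()` and `esc_like()` come from WordPress core.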
Impact
Exploitation of this vulnerability allows for time-based SQL injection, where an attacker can manipulate SQL queries to extract sensitive data from the database.
Reproduction
To reproduce this vulnerability, send a POST request to the endpoint handled by the 'Clever_Reach_Article_Search_Controller' class, specifically targeting the 'title' parameter. The injected SQL payload should be crafted to exploit the time-based SQL injection vulnerability, taking advantage of the insufficient escaping and query preparation to append malicious SQL that could, for example, extract database information.
Remediation
No known patch is available. It is recommended to uninstall the affected plugin and consider a replacement.
