JS Archive List WordPress Plugin Time-Based SQL Injection Vulnerability

A time-based SQL injection vulnerability has been identified in the JS Archive List plugin for WordPress, affecting all versions through 6.1.5. The issue arises in the build_sql_where() function, where insufficient escaping of user-supplied parameters and inadequate preparation of the SQL query allow unauthenticated attackers to append additional SQL commands. This exploitation could lead to the extraction of sensitive information from the database.

Impact

Exploitation of this vulnerability allows for time-based SQL injection, where an attacker can manipulate SQL queries to extract data from the database. This could include sensitive information such as user details or other confidential data stored in the database.

Reproduction

The vulnerability can be reproduced by sending a request to a WordPress site with the vulnerable JS Archive List plugin installed. The request should include crafted parameters that exploit the SQL injection flaw in the build_sql_where() function. This can be done using a SQL injection payload that takes advantage of the insufficient escaping of user input, potentially leading to the execution of additional SQL commands that extract data from the database.

Remediation

Users are advised to update the JS Archive List WordPress plugin to version 6.1.6 or later, where this vulnerability has been patched.