Smartcat Translator for WPML SQL Injection Vulnerability

A time-based SQL injection vulnerability has been identified in the Smartcat Translator for WPML plugin for WordPress, affecting all versions through 3.1.69. The vulnerability arises from inadequate escaping of user-supplied data in the 'orderby' parameter, allowing authenticated attackers with Author-level access or higher to inject additional SQL queries. This exploitation could lead to the extraction of sensitive information from the database.

Impact

Exploitation of this vulnerability allows for time-based SQL injection, where an attacker can manipulate SQL queries to extract sensitive database information.

Reproduction

To reproduce this vulnerability, an authenticated user with Author-level access or higher can send a request to a vulnerable endpoint that accepts the 'orderby' parameter. The lack of proper input sanitization allows for the injection of malicious SQL code, which could be used to extract database information.