Mail Mint WordPress Plugin Blind SQL Injection Vulnerability
Vulnerability
A blind SQL injection vulnerability has been identified in the Mail Mint plugin for WordPress, affecting all versions through 1.19.2. The vulnerability arises from inadequate escaping of user-supplied parameters in several API endpoints, allowing authenticated attackers with administrator privileges to inject additional SQL queries into existing ones. The affected API endpoints are 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map'.
Impact
Exploitation of this vulnerability allows for blind SQL injection, where an attacker can manipulate SQL queries executed by the application. This could lead to unauthorized data access or modification, and in some cases, could be exploited to execute administrative functions or escalate privileges.
Reproduction
To reproduce this vulnerability, an authenticated user with administrator privileges sends a request to one of the vulnerable API endpoints ('forms', 'automation', 'email/templates', or 'contacts/import/tutorlms/map') that includes crafted 'order-by', 'order-type', or 'selectedCourses' parameters. Because the queries are not properly prepared, the injected SQL is executed, demonstrating the SQL injection vulnerability.
Remediation
Users are advised to update the Mail Mint plugin to version 1.19.3 or later, where this vulnerability has been patched.
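For developers reviewing similar code, the following added example (not the plugin's code and not the 1.19.3 patch) models how the three parameter kinds named above are handled safely: sort column and direction are allowlisted because they cannot be bound as parameters, and list values are validated as integers and bound individually. It uses Python with sqlite3 in place of the WordPress database layer; the `forms` table, its columns and all function names are assumptions.

```python
import sqlite3

# Assumed schema: table and column names are hypothetical, not the plugin's.
SORTABLE_COLUMNS = {"id", "title", "created_at"}
SORT_DIRECTIONS = {"ASC", "DESC"}


def order_clause(order_by, order_type):
    """Map 'order-by' / 'order-type' onto fixed SQL tokens.

    Identifiers and keywords cannot be bound as parameters, so any value
    outside the allowlist falls back to a default instead of reaching SQL.
    """
    column = order_by if isinstance(order_by, str) and order_by in SORTABLE_COLUMNS else "id"
    direction = str(order_type).upper()
    if direction not in SORT_DIRECTIONS:
        direction = "DESC"
    return f"ORDER BY {column} {direction}"


def course_ids(selected_courses):
    """Keep only 'selectedCourses' entries that are plain positive integers."""
    ids = []
    for value in selected_courses:
        text = str(value).strip()
        if text.isascii() and text.isdigit() and int(text) > 0:
            ids.append(int(text))
    return ids


def list_forms(db, order_by, order_type, selected_courses):
    """Run the listing query with ids bound and the sort clause allowlisted."""
    ids = course_ids(selected_courses)
    if not ids:
        return []
    placeholders = ",".join("?" for _ in ids)  # one bound parameter per id
    sql = f"SELECT id, title FROM forms WHERE course_id IN ({placeholders}) "
    return db.execute(sql + order_clause(order_by, order_type), ids).fetchall()


def demo_db():
    """Constructed sample rows for the example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE forms (id INTEGER, title TEXT, created_at TEXT, course_id INTEGER)")
    rows = [(1, "Signup", "2024-01-01", 10), (2, "Contact", "2024-02-01", 11),
            (3, "Survey", "2024-03-01", 10)]
    db.executemany("INSERT INTO forms VALUES (?, ?, ?, ?)", rows)
    return db
```

In WordPress code the binding step corresponds to `$wpdb->prepare()`; the allowlist for the sort column and direction still has to be applied separately.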
