CMS Commander SQL Injection Vulnerability in WordPress Plugin

A SQL injection vulnerability has been identified in the CMS Commander plugin for WordPress, affecting all versions through 2.288. The vulnerability arises from inadequate escaping of user-supplied parameters in the backup restoration process, allowing authenticated attackers with access to the CMS Commander API key to inject additional SQL commands. This exploitation could lead to unauthorized extraction of sensitive data from the WordPress database.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to extract sensitive information from the database.

Reproduction

To reproduce this vulnerability, an authenticated user with a CMS Commander API key can send a request to the WordPress site with the 'or_blogname', 'or_blogdescription', or 'or_admin_email' parameters. The injected SQL commands can then be executed to retrieve sensitive database information.