WCAPF WooCommerce Ajax Product Filter Unauthenticated Time-Based SQL Injection Vulnerability

A time-based SQL injection vulnerability has been identified in the WCAPF – WooCommerce Ajax Product Filter plugin, affecting all versions through 4.2.3. The vulnerability arises from inadequate escaping of user-supplied data in the 'post-author' parameter, allowing unauthenticated attackers to inject additional SQL queries. This exploitation could lead to the extraction of sensitive information from the database.

Impact

Exploitation of this vulnerability allows for time-based SQL injection, where an attacker can manipulate SQL queries to extract data from the database. This could include sensitive information such as user details or other private data stored in the database.

Reproduction

To reproduce this vulnerability, send a request to a WordPress site with the WCAPF – WooCommerce Ajax Product Filter plugin installed, using a 'post-author' parameter. The injected SQL payload can be crafted to exploit the time-based SQL injection vulnerability, such as by using SQL injection techniques that rely on time delays to confirm the injection.

Remediation

Users are advised to update the WCAPF – WooCommerce Ajax Product Filter plugin to version 4.3.0 or later, where this vulnerability has been patched.