Geo Mashup WordPress Plugin Time-Based Blind SQL Injection Vulnerability

A time-based blind SQL injection vulnerability has been identified in the Geo Mashup plugin for WordPress, affecting all versions up to and including 1.13.19. The vulnerability arises from inadequate escaping of user-supplied data in the 'geo_mashup_null_fields' parameter, coupled with a lack of proper preparation in the SQL query. This flaw enables authenticated attackers with subscriber-level access or higher to inject additional SQL commands into existing queries, potentially leading to the extraction of sensitive information from the database.

Impact

Exploitation of this vulnerability allows for time-based blind SQL injection, where an attacker can manipulate SQL queries to extract data from the database, potentially including sensitive information.

Reproduction

To reproduce this vulnerability, an authenticated user with subscriber-level access or higher can send a request that includes the 'geo_mashup_null_fields' parameter. The injected SQL payload can be crafted to extract data from the database, taking advantage of the insufficient input sanitization and query preparation.

Remediation

Users are advised to update the Geo Mashup WordPress plugin to version 1.13.20 or later, where this vulnerability has been addressed.