ARMember WordPress Plugin Time-Based Blind SQL Injection Vulnerability

Vulnerability

A time-based blind SQL injection vulnerability has been identified in the ARMember WordPress plugin, affecting versions through 4.0.60. The flaw lies in the 'orderby' parameter: user-supplied data is not sufficiently escaped before it reaches the database query, so an unauthenticated attacker can append additional SQL to that query. Because the injection is blind, the query result is never shown in the response; information is instead inferred from differences in response time, which is how exploitation can lead to the extraction of sensitive information from the database.

Impact

Exploitation of this vulnerability could allow an attacker to execute arbitrary SQL commands, potentially leading to unauthorized data access or manipulation.

Reproduction

To reproduce this vulnerability, send a request to a vulnerable WordPress site with the ARMember plugin active. Include the 'orderby' parameter in the request. The lack of proper input sanitization will allow the injection of malicious SQL that could be executed by the database, potentially exposing sensitive information.
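The pattern behind this class of bug and the fix for it, as a constructed illustration added here (this is not ARMember's code; the table name, function names and column names are assumptions): a sort column taken from the request and concatenated into the query, beside a version that accepts only an allow-listed column and direction.

```php
<?php
// Added illustration, not ARMember's code. Table, function and column names are assumed.

// Vulnerable pattern: the request-supplied sort column is concatenated into the
// query. ORDER BY identifiers cannot be bound as prepared-statement parameters,
// so $wpdb->prepare() alone does not help here; the string reaches MySQL as-is.
function arm_get_sorted_members_vulnerable( $request ) {
    global $wpdb;
    $orderby = isset( $request['orderby'] ) ? $request['orderby'] : 'id';
    $order   = isset( $request['order'] ) ? $request['order'] : 'ASC';
    $sql     = "SELECT id, user_name FROM {$wpdb->prefix}arm_members ORDER BY {$orderby} {$order}";
    return $wpdb->get_results( $sql );
}

// Hardened version: map the request value onto a fixed allow-list of column
// names and restrict the direction to ASC/DESC. Anything else falls back to a
// safe default, so no request-controlled text is ever part of the SQL.
function arm_get_sorted_members_safe( $request ) {
    global $wpdb;

    $allowed_columns = array(
        'id'        => 'id',
        'user_name' => 'user_name',
        'created'   => 'created_at',
    );
    $key    = isset( $request['orderby'] ) ? (string) $request['orderby'] : 'id';
    $column = isset( $allowed_columns[ $key ] ) ? $allowed_columns[ $key ] : 'id';

    $order = isset( $request['order'] ) ? strtoupper( (string) $request['order'] ) : 'ASC';
    if ( ! in_array( $order, array( 'ASC', 'DESC' ), true ) ) {
        $order = 'ASC';
    }

    // Both pieces now come from constants in this function, never from the request.
    $sql = "SELECT id, user_name FROM {$wpdb->prefix}arm_members ORDER BY {$column} {$order}";
    return $wpdb->get_results( $sql );
}
```

WordPress core's sanitize_sql_orderby() only checks that a value looks like a `column ASC|DESC` list; an allow-list of real column names is stricter and also prevents sorting by columns the caller should not be able to see.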

Added: May 2, 2026, 8:20 AM
Updated: May 2, 2026, 8:20 AM

Vulnerability Rating

Custom Algorithm

spread          3.4
impact          2.5
exploitability  9.3
remediation     0.0
relevance       7.2
threat          4.8
urgency         2.9
incentive       8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.