when accessing the “Settings” page via a REST route of the plugin. An attacker can exploit this to execute arbitrary SQL commands and read tables and columns of the database other than the one the route is meant to query. This plugin update fixes the issue by escaping and sanitising the post_id parameter before it is used in a SQL statement. The update also fixes a second issue: by default, images with large dimensions are GZIP-compressed and stored in the database, which can lead to large storage use and a high load on the database. The plugin developer recommends uploading images no larger than 7 KB, which is the limit the plugin keeps by default. The update also fixes a third issue, where the plugin's search_query setting was stored in the database in an unquoted form, which could lead to SQL injection when accessing the “Search” page via a REST route of the plugin.

Plugin Name: Multiple vulnerabilities in the WP Security Updater plugin

Affected Versions: 3.3.3 and earlier
Description: The WP Security Updater (WPSU) is a WordPress plugin that provides security updates for WordPress core and some of the most popular plugins. The WPSU is installed automatically on WordPress installs, but can also be installed manually by users who want to make sure their sites are up to date or want a particular plugin updated.
The WPSU is affected by three issues, two of which allow an attacker to read tables and columns of the database beyond those the affected routes are meant to query. The SQL injection through the post_id parameter was fixed in version 3.3.4 of the plugin by escaping and sanitising the parameter before using it in a SQL statement. The same update fixes a second issue: by default, images with large dimensions are GZIP-compressed and stored in the database, which can lead to a high load on the database when they are accessed via the plugin's REST routes. It also fixes a third issue, where the plugin's search_query setting was stored unquoted in the database, which could lead to SQL injection when accessing the “Search” page via a REST route of the plugin.
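The post_id injection described above, as an added example that is not code from the WP Security Updater plugin: a small sqlite3 model of a REST "Settings" route, first in the vulnerable string-concatenation form and then in the validated, parameterised form that the 3.3.4 fix amounts to. The table and column names (wp_wpsu_settings, wp_users), the sample rows and the attack value are all constructed for the example.

```python
import re
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data (assumed names, not the plugin's schema): a
    settings table keyed by post_id, and a users table that the Settings
    route should never expose."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE wp_wpsu_settings (post_id INTEGER, option_name TEXT, option_value TEXT);
        CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_pass TEXT);
        INSERT INTO wp_wpsu_settings VALUES (1, 'auto_update', 'yes'), (2, 'auto_update', 'no');
        INSERT INTO wp_users VALUES (1, 'admin', '$P$B-constructed-hash');
        """
    )
    return db


def settings_vulnerable(db: sqlite3.Connection, post_id: str) -> list:
    """Pre-fix pattern: the raw request parameter is concatenated into the
    statement, so a UNION in post_id reads any table the DB user can see."""
    sql = ("SELECT option_name, option_value FROM wp_wpsu_settings "
           "WHERE post_id = " + post_id)
    return db.execute(sql).fetchall()


def settings_fixed(db: sqlite3.Connection, post_id: str) -> list:
    """Hardened pattern: reject anything that is not a non-negative integer
    (what absint() does in WordPress) and bind the value as a placeholder,
    so the database engine never parses it as SQL."""
    if not re.fullmatch(r"[0-9]+", post_id):
        raise ValueError("post_id must be a non-negative integer")
    sql = ("SELECT option_name, option_value FROM wp_wpsu_settings "
           "WHERE post_id = ?")
    return db.execute(sql, (int(post_id),)).fetchall()


# Constructed attack value: a second SELECT spliced onto the route's query,
# pulling rows out of a different table and different columns.
UNION_PAYLOAD = "0 UNION SELECT user_login, user_pass FROM wp_users"


if __name__ == "__main__":
    db = build_db()
    print("legit,  vulnerable:", settings_vulnerable(db, "1"))
    print("attack, vulnerable:", settings_vulnerable(db, UNION_PAYLOAD))
    print("legit,  fixed:     ", settings_fixed(db, "1"))
    try:
        settings_fixed(db, UNION_PAYLOAD)
    except ValueError as err:
        print("attack, fixed:      rejected:", err)
```

In the plugin's own environment the equivalent of settings_fixed is a $wpdb->prepare() call with a %d placeholder fed by absint($post_id), or a validate_callback on the route's args in register_rest_route(). The search_query issue needs the same discipline in the other direction: a value read back out of the database is still untrusted and must be bound as a placeholder, not interpolated, when the Search route uses it.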

Timeline

Published on: 02/28/2022 09:15:00 UTC
Last modified on: 03/08/2022 16:57:00 UTC

References