If the translator does not have proper control over the WordPress installation, or if a malicious translator injects SQL into the database, it can be exploited to gain direct access to the database and carry out unauthorized actions. The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 do not sanitize user-supplied strings before it is stored in the database. This makes it easier for a malicious user with the Translator role to inject unauthorized SQL code into the database. A malicious translator might attempt to inject SQL code into the database that gives them access to the source code of the website, or the administrator’s WordPress installation. The malicious translator can attempt to access the administrator’s WordPress installation, upload malicious code, and gain direct access to the administrator’s account.

How to find out if you are vulnerable?

If you are using the Complianz Premium WordPress plugin before 6.3.6, you can use the plugin to check if your site is vulnerable. If you are using any other version of the plugin, please contact their customer support team directly for assistance on identifying the vulnerability.

Affected Software

* Complianz WordPress plugin before 6.3.4 * Complianz Premium WordPress plugin before 6.3.6
The following public disclosure is provided by the author of the original advisory: https://www.exploit-db.com/author/?id=1444

What to do?

If a malicious translator does gain direct access to the administrator’s WordPress installation, it is possible for them to upload malicious code which could lead to a compromise of the website. If you think your website may be vulnerable, we recommend contacting the provider of the plugin and requesting they make changes to their software.

Timeline

Published on: 11/07/2022 10:15:00 UTC
Last modified on: 11/10/2022 06:24:00 UTC

References