CVE-2024-13322 Scanner
CVE-2024-13322 Scanner - SQL Injection (SQLi) vulnerability in Ads Pro Plugin
Short Info
Level
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
10 days
Scan only one
Domain, Subdomain, IPv4
Toolbox
-
Ads Pro Plugin is a popular multi-purpose advertising manager for WordPress that allows website owners to manage and display ads in various formats. It integrates with WordPress sites to provide dynamic advertising solutions, offering tools for ad creation, placement, and tracking. The plugin is widely used by content creators and businesses to monetize their WordPress sites. It supports multiple types of ads such as banners, pop-ups, and video ads. Ads Pro Plugin is known for its flexibility and ease of integration with third-party ad networks. It provides a user-friendly interface for managing ad campaigns and viewing performance analytics.
This vulnerability is a SQL Injection (SQLi) flaw in Ads Pro Plugin, affecting all versions up to and including 4.88. It arises from insufficient input sanitization on the 'a_id' parameter in SQL queries. An attacker can exploit this vulnerability by submitting crafted inputs to manipulate the SQL query, which can lead to unauthorized access to the database. The flaw does not require authentication, making it particularly dangerous as remote attackers can exploit it easily. By injecting arbitrary SQL, attackers can read sensitive information from the database, potentially exposing user data or site configurations. This makes the vulnerability high risk for sites running affected versions of the plugin.
The issue exists in the way the Ads Pro Plugin handles user input in the 'a_id' parameter, which is part of SQL queries within the plugin’s backend. Specifically, the lack of proper escaping and query preparation allows attackers to inject malicious SQL queries into the existing queries. For example, by adding a time-based sleep function like 'sleep(0.7)', an attacker can delay the response from the server, confirming the injection was successful. This can be done without any authentication, making it accessible to anyone who interacts with the vulnerable endpoint. The vulnerability occurs during the execution of POST requests to '/wp-admin/admin-ajax.php'.
Successful exploitation of this SQL injection vulnerability can lead to serious consequences. Attackers could extract sensitive information from the WordPress database, such as user credentials, site settings, and other private data. Additionally, an attacker could perform unauthorized actions like modifying or deleting data. If the database is compromised, it could also lead to full site takeover or further attacks. Given the high CVSS score, the exploitation of this vulnerability presents significant risks to both the site administrators and users of affected WordPress sites.
References:
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ap-plugin-scripteo/ads-pro-plugin-multi-purpose-wordpress-advertising-manager-488-unauthenticated-sql-injection
- https://codecanyon.net/item/ads-pro-plugin-multipurpose-wordpress-advertising-manager/10275010
- https://www.wordfence.com/threat-intel/vulnerabilities/id/3bcb60a8-220f-45a4-a9a9-10f64acf470c?source=cve
