CVE-2022-0773 Scanner
Detects an SQL Injection vulnerability in the Documentor WordPress plugin, which affects versions <= 1.5.3
Short Info
Level: Critical
Scan type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -
The Documentor WordPress plugin is a tool designed for creating and managing online documentation on WordPress websites. It is widely used by developers, content creators, and website administrators to provide users with guides, FAQs, and other types of documentation directly on their websites. The plugin offers features such as customizable skins, responsive design, and user-friendly interfaces to enhance the accessibility and appearance of the documentation. Being a WordPress plugin, it integrates seamlessly with the WordPress ecosystem, making it a convenient option for WordPress site owners. The vulnerability affects versions up to and including 1.5.3, highlighting the importance of keeping software up to date.
This SQL Injection vulnerability is specifically found in the way the Documentor plugin handles input within the `doc_search_results` AJAX action. Attackers can exploit this by sending specially crafted requests to the `admin-ajax.php` file, including malicious SQL code. The plugin does not sufficiently sanitize the `docid` parameter before it is used in SQL queries, allowing attackers to inject arbitrary SQL commands. This can lead to unauthorized data access or manipulation. The exploitation of this vulnerability does not require authentication, making it particularly severe.
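A defender-side check for the request pattern described above, as an added example that is not part of the scanner or the plugin: it flags `doc_search_results` requests to `admin-ajax.php` whose `docid` is not a plain integer. It assumes that legitimate `docid` values are numeric document IDs and that request parameters are available from a WAF or reverse-proxy log; the function name and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "doc_search_results"
# Assumption: a legitimate docid is a short decimal document ID.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def suspicious_docids(method, url, body=""):
    """Return the docid values that are not plain integers ([] if none)."""
    parts = urlsplit(url)
    if not parts.path.endswith(AJAX_PATH):
        return []
    # Check query string and form body: the page does not say which one
    # the plugin reads docid from.
    params = parse_qs(parts.query, keep_blank_values=True)
    if method.upper() == "POST":
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    if ACTION not in params.get("action", []):
        return []
    # Include PHP array syntax (docid[]=...) so it cannot bypass the check.
    docids = [v for k, vs in params.items()
              if k == "docid" or k.startswith("docid[") for v in vs]
    return [v for v in docids if not NUMERIC_ID.fullmatch(v)]


# Constructed sample requests (method, URL, form body); not real traffic.
SAMPLE_REQUESTS = [
    ("POST", "/wp-admin/admin-ajax.php", "action=doc_search_results&docid=12"),
    ("POST", "/wp-admin/admin-ajax.php",
     "action=doc_search_results&docid=12%20OR%201%3D1"),
    ("GET", "/wp-admin/admin-ajax.php?action=doc_search_results&docid=12%27", ""),
    ("POST", "/wp-admin/admin-ajax.php", "action=heartbeat&docid=x"),
    ("POST", "/blog/wp-admin/admin-ajax.php",
     "action=doc_search_results&docid%5B%5D=a"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLE_REQUESTS:
        hits = suspicious_docids(method, url, body)
        print(method, url, "ALERT" if hits else "ok", hits)
```

Because the vulnerable action needs no authentication, alerts from this check should not be filtered by login state.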
Exploiting this vulnerability could have severe consequences for a WordPress site using the vulnerable versions of the Documentor plugin. Attackers can gain unauthorized access to the site's database, leading to the theft of sensitive information such as user credentials, personal data, and proprietary content. Additionally, attackers could manipulate or delete data, disrupting the site's operations and content integrity. This could harm the site's reputation, lead to financial losses, and potentially expose the site's owners to legal liabilities.
By joining the S4E platform, users can benefit from comprehensive digital asset monitoring and vulnerability detection, including the critical SQL Injection vulnerability in the Documentor WordPress plugin. Our platform's advanced scanning capabilities empower users to identify and address vulnerabilities before they can be exploited by attackers, enhancing the security posture of their digital presence. With timely notifications, detailed reports, and actionable insights, members can proactively manage their cybersecurity risks, ensuring their websites remain secure, compliant, and resilient against emerging threats.