CVE-2022-0439 Scanner - SQL Injection (SQLi) vulnerability in Email Subscribers & Newsletters (WordPress Plugin)
Short Info
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 24 days 12 hours
Scan only one: Domain, Subdomain, IPv4
Email Subscribers & Newsletters is a popular plugin for WordPress that allows website administrators to manage email subscriptions and send newsletters to subscribers. This plugin is widely used by bloggers, businesses, and content creators to maintain a direct communication channel with their audience. It supports the creation and distribution of email campaigns directly from the WordPress dashboard. The plugin also handles subscriber management and subscription forms, and provides various analytics to track the success of email campaigns. Users ranging from small businesses to larger organizations rely on this plugin to manage their email communications on websites powered by WordPress.
The vulnerability detected is a SQL Injection (SQLi) in versions of the plugin before 5.3.2. The flaw arises from improper escaping of the `order` and `orderby` parameters in the `ajax_fetch_report_list` action. Users with roles as low as Subscriber can exploit it. The action also lacks CSRF protection, which amplifies the risk by allowing attackers to trick users into clicking a malicious link. The vulnerability enables attackers to execute arbitrary SQL commands within the database associated with the WordPress site.
Technically, the vulnerability exists in the handling of the `order` and `orderby` parameters of the plugin's AJAX action. Because these parameters are not properly escaped, an attacker who manipulates them can execute SQL commands. The issue is compounded by the lack of Cross-Site Request Forgery (CSRF) protection, which allows actions to be performed without the user's consent. Exploitation results in SQL injection, potentially compromising the database content. The attack can be initiated through a specially crafted GET request to specific endpoints of the WordPress site.
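For asset owners who want to check their own web server logs for requests of this shape, the following is an added example (not part of the scanner or the plugin) that flags GET requests to the `ajax_fetch_report_list` action whose `order` or `orderby` values fail a strict allowlist. It assumes the action name is carried in the `action` query parameter of WordPress's standard `/wp-admin/admin-ajax.php` endpoint and that legitimate `orderby` values are plain column identifiers; the log lines, IP addresses and column names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ACTION = "ajax_fetch_report_list"              # action named in the description above
ALLOWED_ORDER = {"asc", "desc"}                # the only valid sort directions
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # assumed shape of a legitimate column name

# Request part of a common/combined access-log line: "METHOD target HTTP/x"
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return the sort parameters in a request target that fail the allowlist."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if ACTION not in query.get("action", []):
        return []
    bad = []
    for value in query.get("order", []):
        if value.lower() not in ALLOWED_ORDER:
            bad.append(("order", value))
    for value in query.get("orderby", []):
        if not IDENT.fullmatch(value):
            bad.append(("orderby", value))
    return bad

def scan(lines):
    """Return (line_number, findings) for log lines that hit the action with odd sort values."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m:
            found = suspicious_params(m.group(1))
            if found:
                hits.append((n, found))
    return hits

# Constructed sample access-log lines (documentation IPs, placeholder values).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Mar/2022:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=ajax_fetch_report_list&order=desc&orderby=created_at HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Mar/2022:10:00:07 +0000] "GET /wp-admin/admin-ajax.php?action=ajax_fetch_report_list&order=asc%2C%28CONSTRUCTED%29&orderby=id HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Mar/2022:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=ajax_fetch_report_list&orderby=id%20CONSTRUCTED HTTP/1.1" 200 498',
    '198.51.100.2 - - [01/Mar/2022:10:01:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat&order=zzz HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for n, found in scan(SAMPLE_LOG):
        print(n, found)
```

The same allowlist (two sort directions, identifier-only column names) is the server-side validation that keeps such values out of an `ORDER BY` clause. Parameters sent in a POST body do not appear in access logs, so this check only covers the GET form described above.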
If the vulnerability is exploited, attackers can gain unauthorized access to sensitive data, including user credentials, emails, or other proprietary information stored in the database. This could potentially lead to a data breach or data tampering. Attackers may also alter or delete data, significantly impacting the website's functionality and integrity. Further, there may be reputational damage for businesses and security concerns for their customers and clients.