CVE-2023-28662 Scanner
CVE-2023-28662 Scanner - SQL Injection (SQLi) vulnerability in Gift Cards (Gift Vouchers and Packages) WordPress Plugin
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 2 weeks 17 hours
Scan only one: Domain, IPv4, Subdomain
The Gift Cards (Gift Vouchers and Packages) WordPress Plugin is widely used by businesses and individuals aiming to offer digital gift vouchers through their WordPress websites. This plugin facilitates easy management and customization of gift card offerings, allowing for differentiated packages and vouchers. It is frequently utilized in e-commerce settings for promotional purposes and customer retention. The plugin is maintained by developers using the WordPress framework, and it integrates seamlessly into websites to support online commercial strategies. With its comprehensive features, the plugin provides a practical tool for expanding online business functionalities. Its user-friendly interface and compatibility make it a popular choice among WordPress users.
The vulnerability detected in the Gift Cards WordPress Plugin is a critical SQL Injection issue. SQL Injection vulnerabilities allow attackers to manipulate the database queries executed by the application. This specific vulnerability exists in the 'template' parameter within the 'wpgv_doajax_voucher_pdf_save_func' action, which fails to validate user input properly. Through this, malicious users can craft requests to execute arbitrary SQL commands on the database. This can lead to unauthorized data access or modification. The issue is particularly alarming because it can be exploited without authentication.
Technically, the vulnerability stems from insufficient input validation on the 'template' parameter. The plugin does not sanitize or prepare the input properly before using it in SQL queries. The affected parameter is handled directly by database operations, which an attacker can exploit to perform time-based SQL injections. The exploit involves sending crafted POST requests to the server with specific input that manipulates the database response time to infer information. The attack can be confirmed by measuring response delays and error messages returned from the plugin.
If exploited, this SQL Injection vulnerability could have severe consequences. Attackers might gain unauthorized access to sensitive data, such as user credentials and payment information. They could alter or delete crucial database information, severely disrupting the website's operations. In worst-case scenarios, it might lead to full-site compromise, allowing attackers to install backdoors or malware. This could further harm the website's reputation and user trust, leading to a potential loss of business.
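A log review for the behaviour described above, as an added example that is not part of the original page or the plugin's code: it flags POST requests to the affected action whose 'template' value is not a plain number, or whose response time is far above the baseline for that action. The JSON-lines log format and its field names, the rule that a legitimate template value is a numeric ID, and the 5x latency threshold are assumptions.

```python
import json
import re
from statistics import median

ACTION = "wpgv_doajax_voucher_pdf_save_func"  # action named in the description above
NUMERIC = re.compile(r"^\d{1,10}$")  # assumption: a legitimate template value is a numeric ID

# Constructed records in a hypothetical JSON-lines proxy/WAF log that captures POST fields.
SAMPLE_LOG = """\
{"ip": "198.51.100.7", "method": "POST", "path": "/wp-admin/admin-ajax.php", "params": {"action": "wpgv_doajax_voucher_pdf_save_func", "template": "3"}, "ms": 180}
{"ip": "198.51.100.7", "method": "POST", "path": "/wp-admin/admin-ajax.php", "params": {"action": "wpgv_doajax_voucher_pdf_save_func", "template": "5"}, "ms": 210}
{"ip": "203.0.113.9", "method": "POST", "path": "/wp-admin/admin-ajax.php", "params": {"action": "wpgv_doajax_voucher_pdf_save_func", "template": "<constructed non-numeric value>"}, "ms": 5240}
{"ip": "203.0.113.9", "method": "POST", "path": "/wp-admin/admin-ajax.php", "params": {"action": "wpgv_doajax_voucher_pdf_save_func", "template": "<constructed non-numeric value>"}, "ms": 190}
{"ip": "192.0.2.4", "method": "POST", "path": "/wp-admin/admin-ajax.php", "params": {"action": "heartbeat"}, "ms": 90}
"""


def is_target(rec):
    """True for POSTs to admin-ajax.php that invoke the affected action."""
    return (rec.get("method") == "POST"
            and rec.get("path", "").endswith("/admin-ajax.php")
            and rec.get("params", {}).get("action") == ACTION)


def review(log_text, slow_factor=5.0):
    """Return (ip, ms, reasons) for each suspicious request to the affected action."""
    hits = [r for r in map(json.loads, filter(str.strip, log_text.splitlines())) if is_target(r)]
    # Latency baseline comes only from requests whose template value looks legitimate.
    clean = [r["ms"] for r in hits if NUMERIC.match(str(r["params"].get("template", "")))]
    baseline = median(clean) if clean else None
    findings = []
    for r in hits:
        reasons = []
        if not NUMERIC.match(str(r["params"].get("template", ""))):
            reasons.append("non-numeric template")
        if baseline is not None and r["ms"] > slow_factor * baseline:
            reasons.append("delayed response")
        if reasons:
            findings.append((r["ip"], r["ms"], reasons))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Standard web server access logs do not record POST bodies, so this kind of review needs a proxy, WAF or application log that captures the 'action' and 'template' fields.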