CVE-2024-6159 Scanner
CVE-2024-6159 scanner - SQL Injection vulnerability in Push Notification for Post and BuddyPress
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -
The Push Notification for Post and BuddyPress plugin is a popular WordPress tool for managing and sending notifications to users. Site administrators use it to notify their users about updates, posts, or activities, and it integrates with BuddyPress to extend notification capabilities across the community platform. Many small to medium-sized websites rely on it to improve user engagement. If it is not properly secured, however, it can expose the site's database to vulnerabilities such as SQL injection.
The plugin is vulnerable to SQL injection through improperly sanitized parameters, specifically 'onesignal_externalid' and 'onesignal_get_subscriptionoptions_id'. This could allow unauthenticated attackers to run arbitrary SQL queries against the database. The vulnerability is rated critical because it can lead to the extraction of sensitive information.
The root cause is that the plugin fails to properly sanitize user-supplied input for the 'onesignal_externalid' and 'onesignal_get_subscriptionoptions_id' parameters. Because the statement is neither prepared nor escaped, attackers can append additional SQL to the existing query. The vulnerable endpoint is the /wp-admin/admin-ajax.php file, where the action parameter handles push notifications. By leveraging this flaw, an attacker could extract sensitive database information or manipulate the database itself.
Exploiting this vulnerability allows attackers to execute arbitrary SQL commands, potentially leading to a full database compromise. Sensitive user data such as login credentials, private messages, and personal information could be extracted. The website could suffer severe service disruption or, in the worst case, the attacker could take full control of the system by modifying the database. This could in turn lead to significant data breaches and reputational damage for the affected website.
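As an added defensive example (not code from S4E or from the plugin), the following Python flags access-log requests to /wp-admin/admin-ajax.php whose 'onesignal_externalid' or 'onesignal_get_subscriptionoptions_id' values carry SQL metacharacters or keywords. The log lines, the combined log format and the 'example_action' value are constructed assumptions; the page does not name the plugin's real action.

```python
import re
from urllib.parse import parse_qs, urlparse

# Parameters the advisory names as unsanitized on /wp-admin/admin-ajax.php.
WATCHED_PARAMS = {"onesignal_externalid", "onesignal_get_subscriptionoptions_id"}
ENDPOINT = "/wp-admin/admin-ajax.php"

# Quote/comment characters and keywords that have no place in an ID-like value.
SUSPICIOUS = re.compile(r"""['"`;]|--|/\*|\b(union|select|sleep|benchmark)\b""", re.I)

# Client IP and request field of an Apache/Nginx combined-format access log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

# Constructed sample lines (not from a real site). "example_action" is a
# placeholder: the page does not give the plugin's action name.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=example_action&onesignal_externalid=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jun/2024:12:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=example_action&onesignal_externalid=42%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2024:12:00:03 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""


def is_suspicious(value: str) -> bool:
    """True if a watched-parameter value contains SQL metacharacters or keywords."""
    return SUSPICIOUS.search(value) is not None


def find_suspicious_requests(log_text: str) -> list[dict]:
    """Return one finding per watched parameter whose value looks like SQL injection.

    Only query-string (GET) parameters are visible here: a POST body is not
    recorded in a standard access log, so pair this with WAF or request-body
    logging for full coverage of the endpoint.
    """
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlparse(m.group("target"))
        if url.path != ENDPOINT:
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # values are URL-decoded
        for name in params.keys() & WATCHED_PARAMS:
            for value in params[name]:
                if is_suspicious(value):
                    findings.append({"ip": m.group("ip"), "param": name, "value": value})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_requests(SAMPLE_LOG):
        print(f"{f['ip']} sent suspicious {f['param']}={f['value']!r}")
```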
Using Security for Everyone (S4E) ensures your website is regularly scanned for such critical vulnerabilities. Our platform continuously monitors your web assets, keeping your data safe from malicious attacks. By running routine checks on your plugins and themes, we help you stay ahead of security risks. Sign up today to keep your WordPress site secure and to gain access to detailed vulnerability reports and remediation suggestions. Don't let SQL injections put your user data at risk.