S4E

CVE-2024-6159 Scanner

CVE-2024-6159 scanner - SQL Injection vulnerability in Push Notification for Post and BuddyPress


Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -

The Push Notification for Post and BuddyPress plugin is a popular tool used in WordPress websites to manage and send notifications to users. It's widely used by site administrators who want to notify their users about updates, posts, or activities. This plugin integrates with BuddyPress, extending notification capabilities across the community platform. Many small to medium-sized websites use it to enhance user engagement. However, if not properly secured, it can expose databases to vulnerabilities like SQL injection.

The plugin is vulnerable to an SQL injection attack through improperly sanitized parameters. Specifically, attackers can exploit the 'onesignal_externalid' and 'onesignal_get_subscriptionoptions_id' parameters. This could allow unauthenticated attackers to run arbitrary SQL queries on the database. The vulnerability is critical as it can lead to the extraction of sensitive information.

This vulnerability arises because the plugin fails to properly sanitize user-supplied input for the 'onesignal_externalid' and 'onesignal_get_subscriptionoptions_id' parameters. Because the values are neither passed through a prepared statement nor escaped, an attacker can append additional SQL to the queries the plugin already builds. The vulnerable endpoint is /wp-admin/admin-ajax.php, where the plugin's action handlers process push-notification requests. By leveraging this flaw, an attacker could extract sensitive database information or manipulate the database itself.
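To make the defect class concrete, here is an added illustration that is not the plugin's code and not taken from this page: a hypothetical admin-ajax handler that looks up a subscription row using the two request parameters named above, shown first in the unsafe string-concatenation form and then in the hardened form built on $wpdb->prepare(). The table name (wp_pnfpb_subscriptions), its columns, the AJAX action name and the nonce action name are all assumed for the example.

```php
<?php
// Added example, not the plugin's code. Table/column names, the AJAX action
// name and the nonce action name are assumptions made for this illustration.

// UNSAFE: raw request values are spliced into the SQL text, so a crafted value
// changes the structure of the query instead of being treated as data. This is
// the pattern described for the two parameters above.
function pnfpb_example_lookup_unsafe() {
    global $wpdb;
    $external_id = isset( $_POST['onesignal_externalid'] ) ? $_POST['onesignal_externalid'] : '';
    $options_id  = isset( $_POST['onesignal_get_subscriptionoptions_id'] ) ? $_POST['onesignal_get_subscriptionoptions_id'] : '';

    $sql = "SELECT * FROM {$wpdb->prefix}pnfpb_subscriptions"
         . " WHERE external_id = '" . $external_id . "'"
         . " AND options_id = " . $options_id;            // no prepare(), no escaping
    return $wpdb->get_results( $sql );
}

// HARDENED: values reach MySQL only through $wpdb->prepare() placeholders
// (%s for the string id, %d for the numeric id), the request must carry a
// valid nonce, and the handler is registered only for logged-in users.
function pnfpb_example_lookup_safe() {
    global $wpdb;

    check_ajax_referer( 'pnfpb_example_nonce', 'nonce' ); // hypothetical nonce action name
    if ( ! current_user_can( 'read' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // sanitize_text_field()/absint() normalise the values; they are NOT the
    // SQL injection defence. The defence is the placeholder binding below.
    $external_id = isset( $_POST['onesignal_externalid'] )
        ? sanitize_text_field( wp_unslash( $_POST['onesignal_externalid'] ) )
        : '';
    $options_id  = isset( $_POST['onesignal_get_subscriptionoptions_id'] )
        ? absint( $_POST['onesignal_get_subscriptionoptions_id'] )
        : 0;

    if ( '' === $external_id || 0 === $options_id ) {
        wp_send_json_error( 'missing or invalid identifier', 400 );
    }

    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, external_id, options_id, options"
            . " FROM {$wpdb->prefix}pnfpb_subscriptions"
            . " WHERE external_id = %s AND options_id = %d",
            $external_id,
            $options_id
        )
    );

    wp_send_json_success( $rows );
}

// Only the authenticated hook is registered; there is deliberately no
// wp_ajax_nopriv_ variant, which is what makes an action reachable by
// unauthenticated visitors.
add_action( 'wp_ajax_pnfpb_example_lookup', 'pnfpb_example_lookup_safe' );
```

If a plugin genuinely needs an action to stay reachable without a login (push-subscription ids are often issued to anonymous visitors), dropping the nopriv hook is not an option; in that case the prepare() binding remains the essential control, and the nonce and capability checks should be replaced with whatever request-origin check the design allows. When auditing a site for this class of issue, the thing to look for is any $wpdb->query()/get_results()/get_var() call whose SQL string interpolates $_GET, $_POST or $_REQUEST values without passing through $wpdb->prepare().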

Exploiting this vulnerability allows attackers to execute arbitrary SQL commands, potentially leading to a full database compromise. Sensitive user data such as login credentials, private messages, and personal information could be extracted. The website could suffer severe service disruption, or in the worst case, the attacker could take full control of the system by modifying the database. Furthermore, this could also lead to significant data breaches and reputational damage to the affected website.

Using Security for Everyone (S4E) ensures your website is regularly scanned for such critical vulnerabilities. Our platform continuously monitors your web assets, keeping your data safe from malicious attacks. By running routine checks on your plugins and themes, we help you stay ahead of security risks. Sign up today to keep your WordPress site secure and to gain access to detailed vulnerability reports and remediation suggestions. Don't let SQL injections put your user data at risk.
