S4E

CVE-2022-0760 Scanner

Detects the SQL injection vulnerability in the Simple Link Directory plugin for WordPress, which affects versions before 7.7.2.

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 744 sec
Scan only one: Domain, IPv4
Toolbox: -

The Simple Link Directory plugin is a popular WordPress plugin that allows administrators to create simple and responsive directories for their website. It is a straightforward and easy-to-use plugin that has been downloaded by over 20,000 users worldwide. The plugin is designed to simplify website navigation for users by providing a search and filter system that can categorize links based on various parameters.

However, a severe vulnerability recently surfaced in this plugin, attracting the attention of the cybersecurity community. Tracked as CVE-2022-0760, this vulnerability has been identified as an unauthenticated SQL injection flaw. The Simple Link Directory plugin before version 7.7.2 does not validate and escape the post_id parameter correctly before using it in an SQL statement via the qcopd_upvote_action AJAX action, which is available to both authenticated and unauthenticated users.

An attacker can exploit this vulnerability to take over the targeted WordPress website by injecting malicious SQL code into the post_id parameter. The attacker can then gain access to sensitive information stored in the website's database, alter the database, or even execute arbitrary code. The vulnerability can be exploited without any authentication, so any attacker who can send requests to the qcopd_upvote_action AJAX action can carry out attacks.
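As an added example (not part of the original page and not the scanner's or the plugin's own code), the following Python check shows how a defender could triage logged requests for this issue: it flags calls to the qcopd_upvote_action AJAX action whose post_id is not a single plain integer. It assumes request records are available as (method, URI, form body) tuples, for instance from a WAF or reverse-proxy audit log, and that a legitimate post_id is a bare decimal ID; the sample records are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "qcopd_upvote_action"       # AJAX action named in the advisory text
PARAM = "post_id"                    # parameter named in the advisory text
INT_RE = re.compile(r"[0-9]{1,20}")  # assumption: a valid post_id is a bare decimal ID

# Constructed sample records (method, request URI, form body); not real traffic.
SAMPLE_REQUESTS = [
    ("POST", "/wp-admin/admin-ajax.php", "action=qcopd_upvote_action&post_id=1234"),
    ("POST", "/wp-admin/admin-ajax.php", "action=qcopd_upvote_action&post_id=12%27"),
    ("GET", "/wp-admin/admin-ajax.php?action=qcopd_upvote_action", ""),
    ("POST", "/wp-admin/admin-ajax.php", "action=heartbeat&post_id=abc"),
    ("POST", "/blog/wp-admin/admin-ajax.php", "action=qcopd_upvote_action&post_id[]=7"),
]


def classify(method, uri, body=""):
    """Return 'ignore', 'ok' or 'suspicious' for one logged request."""
    parts = urlsplit(uri)
    if not parts.path.endswith(AJAX_PATH):
        return "ignore"
    # Assumption: fields may arrive in the query string or the form body,
    # so both are merged. parse_qs also percent-decodes keys and values.
    params = parse_qs(parts.query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(values)
    if ACTION not in params.get("action", []):
        return "ignore"
    # Collect every value sent under post_id, including array syntax (post_id[]).
    values = [v for k, vs in params.items() if k.split("[")[0] == PARAM for v in vs]
    array_form = any(k != PARAM and k.split("[")[0] == PARAM for k in params)
    # Missing, repeated, array-style or non-integer IDs are all worth reviewing.
    if array_form or len(values) != 1 or not INT_RE.fullmatch(values[0]):
        return "suspicious"
    return "ok"


def scan(requests):
    """Classify a batch of (method, uri, body) records."""
    return [classify(*record) for record in requests]


if __name__ == "__main__":
    for record, verdict in zip(SAMPLE_REQUESTS, scan(SAMPLE_REQUESTS)):
        print(verdict, record)
```

A "suspicious" verdict only means the request did not carry a well-formed ID; whether the site was affected still depends on the installed plugin version being older than 7.7.2.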

In conclusion, it is essential to take cybersecurity vulnerabilities in WordPress plugins seriously. The Simple Link Directory plugin is just one of the many plugins that can expose a website's database to attackers. With the help of the s4e.io platform, website administrators can easily and quickly learn about vulnerabilities in their digital assets and protect against attacks.
