CVE-2021-24442 Scanner

CVE-2021-24442 Scanner - SQL Injection vulnerability in WordPress Polls Widget

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 22 days 8 hours
Scan only one: Domain, IPv4
Toolbox: -

WordPress Polls Widget is a widely used plugin that enables users to create and manage polls on WordPress websites. It is designed to enhance user engagement through surveys, questionnaires, and voting systems. This plugin is typically utilized by marketers, website owners, and bloggers to gather user feedback and insights. Its ease of integration and user-friendly interface make it popular among WordPress users aiming to engage with their audience effectively. The plugin supports various customization options, allowing users to tailor their polls to fit the aesthetic and functionality of their website. Given its role in data collection, it is crucial for the plugin to maintain high security standards to protect user data.

SQL Injection is a critical vulnerability that allows an attacker to interfere with the queries that an application makes to its database. This vulnerability occurs when input fields are not properly sanitized, leading to the execution of malicious SQL commands. In the context of WordPress Polls Widget, this vulnerability affects the 'date_answers[]' POST parameter, which is used without sanitization, escaping, or validation. By exploiting this vulnerability, an attacker could potentially read or modify sensitive data from the database. This could result in unauthorized access, data leakage, or even complete control over the database server. The impact of a successful SQL Injection attack can be devastating, emphasizing the importance of secure coding practices.

The technical flaw in the WordPress Polls Widget plugin pertains to the unvalidated 'date_answers[]' POST parameter. During the submission of poll results, this parameter is directly used in SQL queries, leaving it vulnerable to injection attacks. A threat actor can exploit this by sending specially crafted requests to the server, including SQL commands in 'date_answers[]'. Specifically, the parameter is susceptible to time-based SQL injections, which can be confirmed by observing delayed responses when injecting sleep functions within SQL commands. This issue arises due to insufficient input validation and lack of parameterization, presenting a significant risk to any system using a vulnerable version of the plugin.
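The two missing controls named above, input validation and parameterization, applied to an array-valued field like 'date_answers[]', as an added example that is not the plugin's own code. It uses Python's sqlite3 so it runs stand-alone; the table name `poll_answers`, the function names, the `MAX_ANSWERS` bound and the assumption that each element is an integer answer id are all hypothetical.

```python
import sqlite3

MAX_ANSWERS = 50  # assumed upper bound on array elements per submission


def parse_answer_ids(raw_values):
    """Accept a date_answers[]-style array only if every element is a plain decimal integer."""
    if not isinstance(raw_values, (list, tuple)) or not 0 < len(raw_values) <= MAX_ANSWERS:
        raise ValueError("date_answers[] must be a non-empty, bounded list")
    ids = []
    for value in raw_values:
        text = str(value)
        # isascii() excludes Unicode digit look-alikes that isdigit() alone would accept
        if not (text.isascii() and text.isdigit()):
            raise ValueError("non-numeric element rejected")
        ids.append(int(text))
    return ids


def record_votes(conn, raw_values):
    """Increment vote counters with one bound placeholder per validated id."""
    ids = parse_answer_ids(raw_values)
    # Only "?" characters are formatted into the SQL text; the values are bound separately.
    placeholders = ",".join("?" for _ in ids)
    cur = conn.execute(
        f"UPDATE poll_answers SET votes = votes + 1 WHERE id IN ({placeholders})", ids
    )
    conn.commit()
    return cur.rowcount


def demo_db():
    """Constructed in-memory table standing in for a poll answers table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE poll_answers (id INTEGER PRIMARY KEY, votes INTEGER NOT NULL)")
    conn.executemany("INSERT INTO poll_answers VALUES (?, 0)", [(1,), (2,), (3,)])
    return conn


if __name__ == "__main__":
    conn = demo_db()
    print("rows updated:", record_votes(conn, ["1", "3"]))  # constructed well-formed input
    try:
        record_votes(conn, ["2 OR 1=1"])  # constructed malformed element
    except ValueError as exc:
        print("rejected:", exc)
```

In a WordPress plugin the equivalent controls are integer casting of each array element (for example with `absint()`) and `$wpdb->prepare()` with one `%d` placeholder per element.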

If exploited, this vulnerability could have severe effects, including unauthorized database access and data theft. Attackers may be able to retrieve sensitive information, such as user credentials, or manipulate data content to deface web pages or inject malware. Additionally, unauthorized data modification can lead to loss of data integrity and trust from users. In worst-case scenarios, attackers could gain administrative privileges over the database, possibly affecting the entire website or server. As a result, businesses could face financial loss, reputational damage, and legal implications if sensitive user data is compromised.
