A vulnerability with a high CVSS score has been detected in the Portfolio Gallery plugin for WordPress. The plugin is vulnerable to SQL injection, and the issue affects version 1.18 and lower.
The vulnerability allows threat actors to conduct a remote attack with an unknown input, leading to SQL injection. CWE classifies this weakness as CWE-89.
Affected versions of the plugin construct all or part of an SQL command from externally supplied input received by the plugin's components on WordPress, but they do not neutralize that input, or neutralize it incorrectly, before the command is sent to the database.
This allows threat actors to manipulate the database. Data confidentiality is affected, as an attacker can gain access to usernames, passwords or other sensitive data in the database. Data integrity is affected, as the attacker can decide to change or modify data stored in the database, or even elevate the access rights of an ordinary user to those of a superuser. Lastly, data availability is affected, as the attacker may decide to drop the entire database of a vulnerable web application running the affected versions.
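The weakness class described above, shown as an added example in WordPress plugin code. This is hypothetical code written for illustration, not taken from the affected plugin, whose vulnerable code path is not public. The function names, the `example_gallery_items` table and the `gallery_id` and `order_by` request parameters are assumptions, and the code assumes it runs inside WordPress, where the global `$wpdb` object is available.

```php
<?php
// Added illustration: hypothetical plugin code, not the affected plugin's own.
// Table name, function names and request parameters are assumptions.

// Vulnerable pattern (CWE-89): request input is concatenated into the SQL text,
// so the database parses it as part of the command instead of as a value.
function example_get_items_unsafe() {
    global $wpdb;
    $gallery_id = $_GET['gallery_id']; // externally controlled, never validated
    $table      = $wpdb->prefix . 'example_gallery_items';
    return $wpdb->get_results(
        "SELECT id, title FROM {$table} WHERE gallery_id = {$gallery_id}"
    );
}

// Hardened pattern: validate the type, bind values through $wpdb->prepare(),
// and pick identifiers (which cannot be bound) from an allow-list.
function example_get_items_safe() {
    global $wpdb;

    // Accept only a scalar that reduces to a positive integer.
    $raw        = isset( $_GET['gallery_id'] ) ? $_GET['gallery_id'] : 0;
    $gallery_id = is_scalar( $raw ) ? absint( $raw ) : 0;
    if ( 0 === $gallery_id ) {
        return array(); // reject missing, array-valued or non-numeric ids
    }

    // Column names cannot be passed as placeholders, so map the request
    // value onto a fixed list and fall back to a safe default.
    $allowed_order = array( 'id', 'title' );
    $order_by      = isset( $_GET['order_by'] ) && is_string( $_GET['order_by'] )
        ? sanitize_key( wp_unslash( $_GET['order_by'] ) )
        : 'id';
    if ( ! in_array( $order_by, $allowed_order, true ) ) {
        $order_by = 'id';
    }

    $table = $wpdb->prefix . 'example_gallery_items';
    $sql   = $wpdb->prepare(
        "SELECT id, title FROM {$table} WHERE gallery_id = %d ORDER BY {$order_by} ASC",
        $gallery_id
    );
    return $wpdb->get_results( $sql );
}
```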
Technical details and exploits are not publicly available at the moment. The MITRE ATT&CK project assigns the attack technique T1505 to this vulnerability.
WordPress users who are currently using this plugin are advised to upgrade to version 1.1.9 or higher, as security patches and updates have been provided in this version.
The patch 58ed88243e17df766036f4857041edaf358076d3 fixes this problem. The bugfix can be downloaded from the GitHub repo. The vulnerability was successfully mitigated in the published update of the plugin, immediately after disclosure.
CWE: CWE-89 / CWE-74 / CWE-707
MITRE ATT&CK: T1505
Created: 05/27/2023 09:58 AM
Changes: 05/27/2023 09:58 AM