Popular WordPress plugins are affected by serious or critical SQL injection vulnerabilities for which proof-of-concept (PoC) exploits have been released.
The flaws were discovered by Tenable researcher Joshua Martinell, who reported them to WordPress on December 19, 2022, along with a PoC.
Plugin developers released updates fixing the problems in the following days, so all of the issues are fixed in the latest versions.
Yesterday, the researcher published the technical details and a PoC for each vulnerability.
The first plugin is Paid Memberships Pro, a membership and subscription management tool used on more than 100,000 websites.
According to Tenable, the problem is that the "code" parameter of the REST route /pmpro/v1/order is not sanitized before being used in an SQL statement.
The vulnerability, with a CVSSv3 score of 9.8, is tracked as CVE-2023-23488 and affects all plugin versions older than 2.9.8, the fix for which was released on December 27, 2022.
The second WordPress add-on vulnerable to SQL injection is Easy Digital Downloads, an e-commerce solution with more than 50,000 active installations.
The problem is that the "s" parameter in "edd_download_search" is not sanitized before being used in an SQL statement.
The vulnerability is tracked as CVE-2023-23489 and has received a CVSSv3 severity rating of 9.8. It affects all versions below 3.1.0.4, which was released on January 5, 2023.
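Both of the flaws above share the same root cause: a request parameter reaches an SQL statement without being escaped or bound. As an added illustration (not the code of any plugin named here; route, table and function names are hypothetical), the vulnerable pattern in a WordPress REST callback next to its hardened form using $wpdb->prepare() and the REST API's own argument validation:

```php
<?php
// Added illustrative example; hypothetical route "example/v1/order" and
// hypothetical table "{$wpdb->prefix}example_orders". Not code from any real plugin.

// VULNERABLE PATTERN: the request parameter is interpolated straight into SQL,
// so the database sees whatever string the client sent (SQL injection).
function example_get_order_vulnerable( WP_REST_Request $request ) {
    global $wpdb;
    $code = $request->get_param( 'code' ); // attacker-controlled string
    $sql  = "SELECT * FROM {$wpdb->prefix}example_orders WHERE code = '$code'";
    return $wpdb->get_row( $sql );
}

// HARDENED PATTERN: the value is bound as a string placeholder (%s) with
// $wpdb->prepare(), which quotes and escapes it, so it can never change
// the structure of the query.
function example_get_order_safe( WP_REST_Request $request ) {
    global $wpdb;
    $code = $request->get_param( 'code' );
    $sql  = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}example_orders WHERE code = %s",
        $code
    );
    return $wpdb->get_row( $sql );
}

// Register the route with an explicit permission check and a whitelist
// validator on "code", so malformed input is rejected before the callback runs.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/order', array(
        'methods'             => WP_REST_Server::READABLE,
        'callback'            => 'example_get_order_safe',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args'                => array(
            'code' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    // Order codes are assumed to be short alphanumeric tokens.
                    return is_string( $value )
                        && preg_match( '/^[A-Za-z0-9]{1,32}$/', $value ) === 1;
                },
                'sanitize_callback' => 'sanitize_text_field',
            ),
        ),
    ) );
} );
```

The validate_callback is defence in depth: $wpdb->prepare() alone closes the injection, and the whitelist additionally keeps unexpected input out of the callback.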
Finally, Tenable discovered a serious flaw, CVE-2023-23490, in Survey Marker, a WordPress plugin used on 3,000 websites for surveys and market research.
The vulnerability received a CVSS rating of 8.8, since exploitation requires the attacker to be authenticated, at least as a subscriber. The fix has been available since December 21, 2022, in version 3.1.2.
Tenable does not say what impact the vulnerabilities could have if exploited in real attacks.
However, given the severity of the flaws, plugin users are advised to upgrade to the latest versions.