CVE-2018-16159
published 2018-08-30CVE-2018-16159: The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template…
PriorityP183critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
49.92%
98.8th percentile
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codemenschen | gift_vouchers | <= 2.0.1 | — |
Detection & IOCsextracted from sources · hover to see the quote
sigma
title: WordPress Gift Voucher CVE-2018-16159 SQLi Detection condition: and detection: - 'status_code == 200' - 'contains(content_type, "application/json")' - 'contains(body, "images") && contains(body, "title")'
- →SQL Injection is triggered via the `template_id` POST parameter in requests to `wp-admin/admin-ajax.php` with the action `wpgv_doajax_front_template` ↗
- →Successful exploitation returns HTTP 200 with Content-Type application/json and a body containing both 'images' and 'title' fields — monitor for these response characteristics on admin-ajax.php requests involving wpgv_doajax_front_template
- →Rule digest for integrity verification of the detection signature: 4a0a004730450221009b59d3ec55632f95c7e8bc7b2675fb495fb912f04d51aba7ce21309032d980640220114c7fb0a3edde9f12efca75ba96219bb26cb4bd14f866e2e1fc16fdae651c67:922c64590222798bb761d5b6d8e72950
- ·Vulnerability affects Gift Vouchers plugin versions through 2.0.1 only; patched versions are not affected ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6cfg-p9mx-f38q: The Gift Vouchers plugin through 2
ghsa_unreviewed·2022-05-14
CVE-2018-16159 [CRITICAL] CWE-89 GHSA-6cfg-p9mx-f38q: The Gift Vouchers plugin through 2
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
VulnCheck
codemenschen gift_vouchers Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2018·CVSS 9.8
CVE-2018-16159 [CRITICAL] codemenschen gift_vouchers Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
codemenschen gift_vouchers Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
Affected: codemenschen gift_vouchers
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-26&host_type=src&vulnerability=cve-2018-16159; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-12-11&host_type=src&vulnerability=cve-2018-16159; https://dashboard.shadowserver.
No detection rules found.
Nuclei
WordPress Gift Voucher <4.1.8 - Blind SQL Injection
nuclei·CVSS 9.8
CVE-2018-16159 [CRITICAL] WordPress Gift Voucher <4.1.8 - Blind SQL Injection
WordPress Gift Voucher =6'
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains(body, "images") && contains(body, "title")'
condition: and
# digest: 4a0a004730450221009b59d3ec55632f95c7e8bc7b2675fb495fb912f04d51aba7ce21309032d980640220114c7fb0a3edde9f12efca75ba96219bb26cb4bd14f866e2e1fc16fdae651c67:922c64590222798bb761d5b6d8e72950
2018-08-30
Published
Exploited in the wild