CVE-2022-4297
Published 2023-01-02
Priority: P267 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public (see references)
EPSS: 3.60% (88.0th percentile)
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netflixtech | wp_autocomplete_search | <= 1.0.4 | — |
Detection & IOCs (extracted from sources)
URL: /wp-admin/admin-ajax.php?q=[YourSearch]&Limit=1000&timestamp=1645253464&action=wi_get_search_results&security=[xxxx]
- Monitor unauthenticated POST/GET requests to /wp-admin/admin-ajax.php with the AJAX action parameter 'wi_get_search_results' — this is the vulnerable endpoint exposed to unauthenticated users.
- Inspect the 'q' query parameter in requests to admin-ajax.php?action=wi_get_search_results for SQL injection payloads — this is the unsanitised parameter directly interpolated into SQL.
- Alert on requests to admin-ajax.php carrying both 'action=wi_get_search_results' and SQL metacharacters (quotes, comment sequences, UNION/SELECT keywords) in the 'q' parameter.
- The vulnerability affects WP AutoComplete Search plugin versions up to and including 1.0.4 only; verify the installed plugin version before applying detections to avoid false positives on patched installations.
- The exploit requires a valid 'security' nonce value in the request; however, since the endpoint is unauthenticated, attackers may be able to obtain the nonce from the public-facing WordPress page that loads the autocomplete widget.
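As an added example (not part of this record and not the plugin's own code), the third detection point above turned into a log-scanning rule: it parses combined-format access-log lines, percent-decodes the query string, and flags requests for action=wi_get_search_results whose q carries quotes, comment sequences or UNION/SELECT; requests that reach the action with q outside the URL (a POST body the access log does not record) are flagged for review instead. The log format, client addresses and request lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint, AJAX action and parameter named in the advisory.
AJAX_PATH = "/wp-admin/admin-ajax.php"
VULN_ACTION = "wi_get_search_results"
# Quotes, comment sequences and UNION/SELECT, per the detection guidance above.
# Tune against the site's real search terms before deploying (e.g. '#' in hashtags).
SQLI_PATTERN = re.compile(r"""['"]|--|/\*|#|\b(?:union|select)\b""", re.IGNORECASE)
# Combined log format: client ident user [time] "METHOD target proto" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3}')


def classify_request(method, target):
    """None if not the vulnerable action; ("alert", why) when q carries SQL
    metacharacters; ("review", why) when q is absent from the URL, e.g. in a POST body."""
    url = urlsplit(target)
    if url.path != AJAX_PATH:
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    if VULN_ACTION not in params.get("action", []):
        return None
    if "q" not in params:
        return ("review", f"{method} action={VULN_ACTION} with q outside the URL")
    for value in params["q"]:
        hit = SQLI_PATTERN.search(value)
        if hit:
            return ("alert", f"SQL metacharacter {hit.group(0)!r} in q={value!r}")
    return None


def scan_log(lines):
    """Classify each access-log line; return a list of (client, level, why)."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            verdict = classify_request(m.group(2), m.group(3))
            if verdict:
                findings.append((m.group(1), *verdict))
    return findings


# Constructed sample access-log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Jan/2023:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?q=shoes&Limit=1000&timestamp=1645253464&action=wi_get_search_results&security=abcd1234 HTTP/1.1" 200 512',
    '203.0.113.5 - - [02/Jan/2023:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?q=shoes%27%20UNION%20SELECT%201--&Limit=1000&action=wi_get_search_results&security=abcd1234 HTTP/1.1" 200 2048',
    '198.51.100.9 - - [02/Jan/2023:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 90',
    '203.0.113.5 - - [02/Jan/2023:10:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=wi_get_search_results HTTP/1.1" 200 512',
]
```

Running scan_log(SAMPLE_LOG) yields one alert for the second line and one review entry for the POST; the benign search and the unrelated heartbeat action produce nothing.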
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/173293/WordPress-WP-AutoComplete-Search-1.0.4-SQL-Injection.html
- https://wpscan.com/vulnerability/e2dcc76c-65ac-4cd6-a5c9-6d813b5ac26d