Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-5429: Changeset 2985373 for information-reel – WordPress Plugin Repository

The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE
Open in Source
#sql#web#redis#js#wordpress#php#auth

Timestamp:

10/28/2023 03:43:30 PM (3 days ago)

gopiplus

Message:

Tested up to 6.4

Location:

information-reel/trunk

Files:

  • information-reel.js (1 diff)
  • information-reel.php (2 diffs)
  • readme.txt (3 diffs)

Legend:

Unmodified

Added

Removed

  • information-reel/trunk/information-reel.js

    r2651616

    r2985373

1

1

/\*\*

2

2

 \*     Information Reel

3

 

 \*     Copyright (C) 2011 - 2022 www.gopiplus.com

 

3

 \*     Copyright (C) 2011 - 2023 www.gopiplus.com

4

4

 \*

5

5

 \*     This program is free software: you can redistribute it and/or modify

  • information-reel/trunk/information-reel.php

    r2651616

    r2985373

5

5

Description: Information Reel wordpress plugin create the reel type scroll in the website widget. The scroll contain the entered title, image, and description. This is best way to announce your messages to user.

6

6

Author: Gopi Ramasamy

7

 

Version: 10.0

 

7

Version: 10.1

8

8

Author URI: http://www.gopiplus.com/work/

9

9

Donate link: http://www.gopiplus.com/work/2011/04/16/wordpress-plugin-information-reel/

…

…

 

129

129

    if($IR\_type <> "" )

130

130

    {

131

 

        $sSql = $sSql . " and IR\_type='".$IR\_type."'";

 

131

        $sSql = $sSql . " and IR\_type = %s ";

 

132

        $sSql = $wpdb->prepare($sSql, $IR\_type);

132

133

    }

133

134

    if($IR\_random == "YES"){ $sSql = $sSql . " ORDER BY RAND()"; }else{ $sSql = $sSql . " ORDER BY IR\_order"; }

  • information-reel/trunk/readme.txt

    r2827123

    r2985373

6

6

Tags:  Announcement, Scroller, Reel, Scroll, Text scroll

7

7

Requires at least: 3.4

8

 

Tested up to: 6.1

9

 

Stable tag: 10.0

 

8

Tested up to: 6.4

 

9

Stable tag: 10.1

10

10

License: GPLv2 or later

11

11

License URI: http://www.gnu.org/licenses/gpl-2.0.html

…

…

 

119

119

\== Upgrade Notice ==

120

120

 

121

\= 10.1 =

 

122

 

123

1\. Tested up to 6.4

 

124

121

125

\= 10.0 =

122

126

…

…

 

249

253

\== Changelog ==

250

254

 

255

\= 10.1 =

 

256

 

257

1\. Tested up to 6.4

 

258

251

259

\= 10.0 =

252

260

Note: See TracChangeset for help on using the changeset viewer.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE