Security News > 2023 > January > PoC exploits released for critical bugs in popular WordPress plugins

Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities, with proof-of-concept exploits now publicly available.

The three vulnerable plugins were discovered by Tenable security researcher Joshua Martinelle, who reported them responsibly to WordPress on December 19, 2022, along with proofs of concept.

The authors of the plugins released security updates to address the issues in the following days or weeks, so all problems have been fixed now, and those running the latest available version are no longer vulnerable.

Finally, Tenable discovered CVE-2023-23490, a 'high-severity' SQL injection flaw in 'Survey Marker,' a WordPress plugin used by 3,000 websites for surveys and market research.

While all of these plugins were vulnerable to SQL injection, and proof of concept exploits were released, Tenable did not share what impact they could lead if exploited in attacks.

As the bugs are categorized as critical, it is recommended that all sites using these plugins upgrade to the latest version.

News URL

https://www.bleepingcomputer.com/news/security/poc-exploits-released-for-critical-bugs-in-popular-wordpress-plugins/