CVE-2022-0760 Scanner

The Simple Link Directory plugin is a popular WordPress plugin that allows administrators to create simple and responsive directories for their website. It is a straightforward and easy-to-use plugin that has been downloaded by over 20,000 users worldwide. The plugin is designed to simplify website navigation for users by providing a search and filter system that can categorize links based on various parameters.

However, a severe vulnerability recently surfaced in this plugin, attracting the attention of the cybersecurity community. Tracked as CVE-2022-0760, this vulnerability has been identified as an unauthenticated SQL injection flaw. The Simple Link Directory plugin before version 7.7.2 does not validate and escape the post_id parameter correctly before using it in an SQL statement via the qcopd_upvote_action AJAX action, which is available to both authenticated and unauthenticated users.

An attacker can exploit this vulnerability to take over the targeted WordPress website by injecting malicious SQL code into the search parameter. The attacker can then gain access to sensitive information stored on the website's database, alter the database, or even execute arbitrary code. The vulnerability can be exploited without requiring any authentication, allowing any attacker with access to the search parameters to carry out attacks.

In conclusion, it is essential to take cybersecurity vulnerabilities in WordPress plugins seriously. The Simple Link Directory plugin is just one of the many plugins that can expose a website's database to attackers. With the help of the securityforeveryone.com platform, website administrators can easily and quickly learn about vulnerabilities in their digital assets and protect against attacks.

REFERENCES

• https://plugins.trac.wordpress.org/changeset/2684915
• https://wpscan.com/vulnerability/1c83ed73-ef02-45c0-a9ab-68a3468d2210