CVE-2021-36916 Information

Description

The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function \hmwp_get_user_ip\ tries to retrieve the IP address from multiple headers including IP address headers that the user can spoof such as \X-Forwarded-For.\ As a result the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query making SQL injection possible.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158 https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-sql-injection-sqli-vulnerability https://patchstack.com/hide-my-wp-vulnerabilities-fixed/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8