Build App Online < 1.0.19 - Unauthenticated SQL Injection
Description
The Build App Online WordPress plugin before 1.0.19 has an unauthenticated SQL injection flaw via an AJAX action due to improper sanitization.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Build App Online WordPress plugin versions before 1.0.19 fail to properly sanitize and escape parameters before using them in a SQL statement via an AJAX action. This SQL injection vulnerability is exploitable by unauthenticated users [1].
Exploitation
An unauthenticated attacker can send a crafted AJAX request to the vulnerable endpoint, supplying malicious input in the unsanitized parameters. The plugin then uses these unfiltered values directly in a SQL query without proper preparation, allowing the attacker to inject arbitrary SQL commands [1].
Impact
Successful exploitation enables an attacker to execute arbitrary SQL queries on the WordPress site's database. This can lead to extraction of sensitive data (such as user credentials, hashes, or private information), modification of database contents, or potential privilege escalation depending on the database permissions [1].
Mitigation
The vulnerability is fixed in version 1.0.19, released on 2022-12-06 [1]. Users must update the plugin to version 1.0.19 or later. No known workarounds have been disclosed. The vulnerability is not listed on CISA's KEV as of the publication date.
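To check an installation against the fixed release named above, the following added example (not code from the plugin or from the referenced advisory) reads the standard WordPress `Version:` plugin header and compares it numerically with 1.0.19. The plugin's directory path is an assumption the operator must supply, and the sample headers are constructed for illustration.

```python
import re
from pathlib import Path

FIXED = (1, 0, 19)  # first fixed release according to the advisory text

# WordPress takes the plugin version from a "Version:" header comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)

def parse_version(text):
    """Turn '1.0.9' into (1, 0, 9); stop at the first non-numeric piece."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def header_version(php_source):
    """Return the raw Version header value, or None if the file has none."""
    m = HEADER_RE.search(php_source[:8192])  # WordPress reads only the first 8 KB
    return m.group(1) if m else None

def is_vulnerable(php_source):
    """True if older than 1.0.19, False if 1.0.19 or later, None if unknown."""
    raw = header_version(php_source)
    parsed = parse_version(raw) if raw else ()
    if not parsed:
        return None
    # Compare as integers: as plain strings, "1.0.9" sorts AFTER "1.0.19".
    return parsed < FIXED

def audit(plugin_dir):
    """Map each top-level .php file with a Version header to its status."""
    results = {}
    for php in sorted(Path(plugin_dir).glob("*.php")):
        status = is_vulnerable(php.read_text(errors="replace"))
        if status is not None:
            results[php.name] = status
    return results

# Constructed sample headers (not taken from the real plugin files).
SAMPLE_OLD = "<?php\n/*\n * Plugin Name: Build App Online\n * Version: 1.0.9\n */\n"
SAMPLE_FIXED = "<?php\n/*\n * Plugin Name: Build App Online\n * Version: 1.0.19\n */\n"

if __name__ == "__main__":
    print("1.0.9 vulnerable:", is_vulnerable(SAMPLE_OLD))
    print("1.0.19 vulnerable:", is_vulnerable(SAMPLE_FIXED))
```

A result of `None` means no version header was found, so that file needs manual review instead of being treated as patched.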
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- WordPress/Build App Online (description)
- Range: <1.0.19
Patches
No patches discovered yet.
References
- [1] wpscan.com/vulnerability/a995dd67-43fc-4087-a7f1-5db57f4c828c (mitre, exploit, vdb-entry, technical-description)