SB2025012728 - Multiple vulnerabilities in Passwords Manager plugin for WordPress
Published: January 27, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) SQL injection (CVE-ID: CVE-2024-12615)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the $wpdb->prefix value in several AJAX actions. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read data in database.
2) SQL injection (CVE-ID: CVE-2024-12613)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the $wpdb->prefix value in several AJAX fuctions. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read data in database.
3) SQL injection (CVE-ID: CVE-2024-12614)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "pms_save_setting" and "post_new_pass" AJAX actions. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read data in database.
Remediation
Install update from vendor's website.
References
- https://plugins.trac.wordpress.org/changeset/3221505/passwords-manager/trunk/include/admin-page/addon/csv-export/index.php
- https://plugins.trac.wordpress.org/changeset/3221505/passwords-manager/trunk/include/pms-categories-ajax-action.php
- https://plugins.trac.wordpress.org/changeset/3221505/passwords-manager/trunk/include/pms-passwords-ajax-action.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ce8397d5-6637-4faa-be1f-9cf52c25be9b?source=cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/dec38992-a69f-4ccd-a23b-4dd1639897c3?source=cve
- https://plugins.trac.wordpress.org/changeset/3221505/passwords-manager/trunk/include/pms-settings-ajax-action.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/898c5554-fd02-47a2-a1f9-1c488cfab57e?source=cve