| Key | Value |
|---|---|
| Date of Disclosure | February 29, 2024 |
| Affected Software | aweber-web-form-widget |
| Affected Software Type | WordPress plugin |
| Version | 7.3.14 |
| Weakness | SQL Injection |
| CWE ID | CWE-89 |
| CVE ID | CVE-2024-1793 |
| CVSS 3.x Base Score | 7.2 |
| CVSS 2.0 Base Score | - |
| Reporter | Kunal Sharma, Akshay Kumar |
| Reporter Contact | [email protected] |
| Link to Affected Software | https://wordpress.org/plugins/aweber-web-form-widget/ |
| Link to Vulnerability DB | https://nvd.nist.gov/vuln/detail/CVE-2024-1793 |
The post_id POST parameter in aweber-web-form-widget 7.3.14 is vulnerable to SQL injection. An authenticated attacker can abuse the "Unlink the landing page" functionality, handled by the unLinklandingPage function in aweber_webform_plugin.php, by sending a crafted POST request, resulting in an authenticated SQL injection.
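The advisory does not reproduce the plugin's handler, so the following is an added illustration, not the plugin's code: the CWE-89 pattern the advisory describes (a POST-supplied post_id reaching a query unsanitised) beside the hardened form a WordPress developer would write. The meta key name, the nonce action name and the capability are assumptions.

```php
<?php
// Illustrative only: NOT the AWeber plugin's code. The meta key
// 'aweber_landing_page' and the nonce action are assumed names.

// VULNERABLE pattern (assumed shape): post_id concatenated straight into SQL.
function unlink_landing_page_vulnerable() {
    global $wpdb;
    $post_id = $_POST['post_id'];                       // attacker-controlled string
    $sql = "UPDATE {$wpdb->postmeta} SET meta_value = '' "
         . "WHERE meta_key = 'aweber_landing_page' AND post_id = " . $post_id;
    return $wpdb->query( $sql );                        // CWE-89: value alters the query
}

// HARDENED form: capability check, nonce, integer cast, and $wpdb->prepare().
function unlink_landing_page_hardened() {
    global $wpdb;

    // Only users allowed to manage plugin settings may reach this code path.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // Reject requests without a valid nonce (assumed action name).
    check_ajax_referer( 'aweber_unlink_landing_page', 'nonce' );

    // post_id must be a positive integer naming an existing post.
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( 0 === $post_id || ! get_post( $post_id ) ) {
        wp_send_json_error( 'invalid post_id', 400 );
    }

    // %d and %s placeholders: the value can no longer change the query structure.
    $affected = $wpdb->query( $wpdb->prepare(
        "UPDATE {$wpdb->postmeta} SET meta_value = '' WHERE meta_key = %s AND post_id = %d",
        'aweber_landing_page',
        $post_id
    ) );
    wp_send_json_success( array( 'updated' => (int) $affected ) );
}
```

Both functions are meant to be registered as admin-ajax handlers; the hardened one also fails closed on missing capability or nonce before any query runs.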
Steps to reproduce:

1. Log in as an admin user. This vulnerability requires at least admin privileges.
2. Install and activate the affected plugin: AWeber for WordPress.
3. The AWeber for WordPress plugin requires an active AWeber account (the free tier can be used) to embed landing pages and sign-up forms on the WordPress site.
4. Click Get Started to create an account or log in to an existing account, paste the authorization code into the given text box and click Finish.
5. Click Landing Pages in the left sidebar.
6. Click Create to create a new landing page.
7. Since this is a new AWeber account, there are no landing pages yet. A new landing page has to be added in the account used to authorize earlier. A sample landing page can be easily created from a default page at: https://www.aweber.com/users/landing_pages
   Note: Publish the page once it is created.
8. Select a list from the List drop-down menu. A sample list is created automatically on account creation.
9. Landing page(s) created in *step 7* can be accessed by selecting the list.
10. Click Link.
11. Select a Sample Page and click Link this page.