SNS Vulnerability

WordPress G-Lock Double Opt-in Manager Plugin Two Security Bypass Vulnerabilities

Description

Two vulnerabilities have been discovered in the G-Lock Double Opt-in Manager plugin for WordPress, which can be exploited by malicious users to bypass certain security restrictions.
The vulnerabilities are caused due to application not checking permission in the wp-content/plugins/g-lock-double-opt-in-manager/ajaxbackend.php script and can be exploited to e.g. manipulate the subscribers list via wp-admin/admin-ajax.php (when "action" is set to "gsom_aj_delete_subscriber" or "gsom_aj_unsubscribe").
Note: This can further be exploited to conduct SQL injection attacks.
The vulnerabilities are confirmed in version 2.6.2. Other versions may also be affected.

Vulnerable Products

Vulnerable Software:
WordPress G-Lock Double Opt-in Manager Plugin 2.x

Solution

No official solution is currently available.

CVE

References

http://packetstormsecurity.org/files/115173/WordPress-G-Lock-Double-Opt-in-Manager-2.6.2-SQL-Injection.html

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
SQL injection Prevention - POST : suspicious SELECT statement in data	3.2.0
SQL injection Prevention - POST : possible version probing in data	3.2.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data	3.2.0
SQL injection Prevention - POST : suspicious CREATE statement in data	3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data	3.2.0
SQL injection Prevention - POST : suspicious UNION statement in data	3.2.0
SQL injection Prevention - POST : suspicious DROP statement in data	3.2.0
SQL injection Prevention - POST : suspicious INSERT statement in data	3.2.0
SQL injection Prevention - POST : suspicious OR statement in data	3.2.0
SQL injection Prevention - POST : suspicious EXEC statement in data	3.2.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data	3.2.0
SQL injection Prevention - POST : suspicious DECLARE statement in data	3.2.0
SQL injection Prevention - POST : suspicious HAVING statement in data	3.2.0
SQL injection Prevention - POST : suspicious CAST statement in data	3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data	5.0.0
SQL injection Prevention - POST : suspicious SELECT statement in data	5.0.0
SQL injection Prevention - POST : suspicious DECLARE statement in data	5.0.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data	5.0.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data	5.0.0
SQL injection Prevention - POST : suspicious CAST statement in data	5.0.0
SQL injection Prevention - POST : suspicious EXEC statement in data	5.0.0
SQL injection Prevention - POST : suspicious CREATE statement in data	5.0.0
SQL injection Prevention - POST : suspicious INSERT statement in data	5.0.0
SQL injection Prevention - POST : suspicious DROP statement in data	5.0.0
SQL injection Prevention - POST : suspicious HAVING statement in data	5.0.0
SQL injection Prevention - POST : suspicious UNION statement in data	5.0.0
SQL injection Prevention - POST : suspicious OR statement in data	5.0.0
SQL injection Prevention - POST : possible version probing in data	5.0.0

Risk level

Low

Vulnerability First Public Report Date

2012-08-02

Target Type

Server

Possible exploit

Remote