This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: SQL Injection (SQLi) in a WordPress plugin. **Consequences**: Attackers can execute arbitrary SQL commands. **Impact**: Data theft, database manipulation, potential full site compromise. **Mechanism**: …
**CWE**: CWE-89 (SQL Injection). **Flaw**: Failure to validate and escape the `bwg_tag_id_bwg_thumbnails_0` parameter. **Context**: Occurs during the `bwg_frontend_data` AJAX action, before the value is used in a SQL statement.
Q3. Who is affected? (Versions/Components)
**Product**: Photo Gallery by 10Web – Mobile-Friendly Image Gallery. **Affected Versions**: Before version **1.6.0**. **Platform**: WordPress sites running this plugin.
**Yes**, public exploits exist. **PoC**: Python script available on GitHub (X3RX3SSec). **Scanner**: Nuclei templates available (projectdiscovery). **Status**: Active exploitation tools are public.
Q7. How to self-check? (Features/Scanning)
**Check**: Scan for `admin-ajax.php` requests with the `bwg_frontend_data` action. **Tool**: Use Nuclei with the CVE-2022-0169 template. **Manual**: Run the Python PoC to test for user hash leakage. **Indicator**: Look for SQL er…
**Fixed**: Yes, official patch released. **Version**: Update to **1.6.0** or later. **Source**: WordPress Trac changeset 2672822 confirms the fix. **Action**: Immediate plugin update recommended.
Q9. What if no patch? (Workaround)
**Workaround**: Disable the plugin if updating is impossible. **WAF**: Block requests to `admin-ajax.php` containing `bwg_frontend_data`. **Access Control**: Restrict access to AJAX endpoints via server configuration. **…
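The self-check in Q7 and the WAF rule in Q9 both key on `admin-ajax.php` requests carrying the `bwg_frontend_data` action. The following added example (not part of the original analysis or of the plugin) scans web-server access-log lines for such requests and flags any whose `bwg_tag_id_bwg_thumbnails_0` value is not a plain integer; it assumes that parameter is meant to be a numeric tag id and that the parameters appear in the logged query string (POST bodies are normally not logged).

```python
# Added example, not code from the analysed page or the plugin.
# Flags access-log entries that call admin-ajax.php with action=bwg_frontend_data
# and carry a bwg_tag_id_bwg_thumbnails_0 value that is not a plain integer.
# Assumption: the parameter is meant to be a numeric tag id, so anything else
# deserves an alert. Only the query string is inspected (POST bodies are not logged).
import re
from urllib.parse import parse_qs, urlsplit

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
ACTION = "bwg_frontend_data"
PARAM = "bwg_tag_id_bwg_thumbnails_0"


def inspect_line(line):
    """Return a finding dict for a suspicious request, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("path"))
    if not parts.path.endswith("/admin-ajax.php"):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    if ACTION not in qs.get("action", []):
        return None
    for value in qs.get(PARAM, []):
        if not re.fullmatch(r"\d+", value):
            return {"ip": m.group("ip"), "ts": m.group("ts"),
                    "value": value, "status": m.group("status")}
    return None


def scan(lines):
    """Run inspect_line over every log line and keep the findings."""
    return [f for f in (inspect_line(line) for line in lines) if f]


# Constructed sample log lines (not real traffic): one benign numeric id,
# one non-numeric id that produced a server error, one unrelated AJAX action.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2022:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=bwg_frontend_data&bwg_tag_id_bwg_thumbnails_0=3 HTTP/1.1" 200 1532',
    '203.0.113.5 - - [10/Jan/2022:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=bwg_frontend_data&bwg_tag_id_bwg_thumbnails_0=3%27 HTTP/1.1" 500 0',
    '198.51.100.9 - - [10/Jan/2022:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 50',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A non-numeric value paired with a 500 response is the combination worth escalating, since the Q7 indicator is a SQL error surfacing from that parameter.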
**Priority**: **HIGH**. **Urgency**: Critical due to the unauthenticated nature of the flaw. **Risk**: Direct database access and credential theft. **Action**: Patch immediately to prevent a data breach.