A SQL injection vulnerability has been discovered in the WordPress Accessibility Suite by Online ADA plugin. This vulnerability could allow a malicious actor to directly interact with the database, including but not limited to stealing information.
This vulnerability was discovered and reported by minhtuanact.
The vulnerability is caused by a lack of input validation in the plugin’s code. This allows an attacker to inject malicious code into the website, which is then executed.
There is currently no patched version of the Accessibility Suite by Online ADA plugin available. Therefore, it is important to uninstall the plugin until a patched version is released.
Severity:
This vulnerability has been classified with a high-severity CVSS 3.1 score of 8.5. This score signifies the substantial threat it poses and the urgency of mitigation.
Affected Versions:
All versions of the WordPress Accessibility Suite by Online ADA plugin are affected by this vulnerability.
Impact:
The consequences of a SQL Injection vulnerability in a WordPress plugin are severe:
- Data Theft: Attackers may steal sensitive data from the database, including user information and credentials.
- Data Manipulation: The vulnerability can lead to unauthorized modification of data, causing disruption and damage to the website.
- Privacy Violations: User privacy is at risk, with potential legal and reputational repercussions.
Recommendation:
In light of the critical nature of this vulnerability, we strongly recommend the following actions:
- Plugin Removal: As the plugin is no longer available for download and no patch is accessible, consider removing the Accessibility Suite by Online ADA Plugin from WordPress installation.
- Security Audits: Conduct regular security audits on the website to detect and address vulnerabilities proactively.
- Data Encryption: Implement robust data encryption measures to protect sensitive information within the database.