MM Forms Community
SQL Injection vulnerability reported in MM Forms Community (7 posts)

  1. nigelparrydotnet
    Member
    Posted 2 years ago #

    WordPress MM Forms Community plugin is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Successful exploitation requires "magic_quotes" directive set to "Off". MM Forms Community plugin version 1.2.3 is vulnerable; other versions may also be affected.

    REFERENCES
    http://www.securityfocus.com/bid/49335/
    http://www.exploit-db.com/exploits/17725/
    http://packetstormsecurity.org/files/view/104516/wpmmforms-sql.txt

    Are there any plans to fix this?

    http://wordpress.org/extend/plugins/mm-forms-community/

  2. Email plugins[AT]wordpress.org with security concerns like that, please.

    Please note, WordPress only knows about security holes if people report them, and the correct way to report them is via email to that address.

  3. nigelparrydotnet
    Member
    Posted 2 years ago #

    The reference links up there are Symantec etc and range from August 26th to 28th, so I presumed WordPress has been notified. There has been no statement by the company that makes this.

  4. You misunderstand.

    1) WordPress does not make nor do they own plugins. The Plugin Developer does. Read up on the GPL license. WP just houses the repository.

    2) Unless someone actually remembers to tell them (which I've done just now via email), they know nothing.

    3) WordPress won't fix it, they'll just yank it if they see it's a problem, and remove it from the repository.

    Next time, please do the correct thing. Email plugins[at]WordPress.org

  5. Samuel Wood (Otto)
    Tech Ninja
    Posted 2 years ago #

    Not that they're doing-it-right or anything, but version 1.2.3 of the plugin, as given in the trunk repository, does not appear to be vulnerable. They're calling mysql escape functions properly as far as I can see.

    http://plugins.svn.wordpress.org/mm-forms-community/trunk/includes/edit_details.php

    The fix happened 8 days ago: http://plugins.trac.wordpress.org/changeset/433503
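
An added illustration of the three patterns discussed in this thread (it is not code from the MM Forms Community plugin; the function, parameter and table names are invented): the unescaped concatenation the advisory describes, the escape-before-use approach Otto saw in trunk, and the `$wpdb->prepare()` form that removes any dependence on the `magic_quotes` setting.

```php
<?php
// Added illustration; hypothetical handler, not code from the MM Forms Community plugin.
// Assumes WordPress is loaded (global $wpdb). 'entry_id' and the mm_entries table
// are invented for the example.

// Pattern the report describes: request input concatenated straight into SQL.
// The advisory notes exploitation requires magic_quotes to be Off, i.e. the code
// relies on PHP's slashing of input rather than doing its own escaping.
function mmf_get_entry_unsafe() {
    global $wpdb;
    $id = $_GET['entry_id'];
    return $wpdb->get_row("SELECT * FROM {$wpdb->prefix}mm_entries WHERE id = '$id'");
}

// What Otto observed in trunk: calling the escape function before use. This is
// only correct if every value is escaped AND quoted in the SQL; esc_sql() does
// not protect a value dropped into an unquoted numeric position.
function mmf_get_entry_escaped() {
    global $wpdb;
    $id = esc_sql($_GET['entry_id']);
    return $wpdb->get_row("SELECT * FROM {$wpdb->prefix}mm_entries WHERE id = '$id'");
}

// Preferred: a prepared statement. %d coerces the value to an integer, so quoting
// and escaping are handled by $wpdb rather than by the plugin author, and the
// magic_quotes setting becomes irrelevant.
function mmf_get_entry_prepared() {
    global $wpdb;
    $id = isset($_GET['entry_id']) ? absint($_GET['entry_id']) : 0;
    return $wpdb->get_row(
        $wpdb->prepare("SELECT * FROM {$wpdb->prefix}mm_entries WHERE id = %d", $id)
    );
}
```

For string columns use `%s` in the same `prepare()` call; `$wpdb->prepare()` quotes and escapes those placeholders itself.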

  6. nigelparrydotnet
    Member
    Posted 2 years ago #

    Yeah, I get WordPress doesn't make the plugins. Thanks for that pearl.

    I also wrote to the plugin manufacturer, so it's great now we've all done "the correct thing". They were totally non-responsive.

    News of this plugin's vulnerability has not been posted in these forums because I was searching for info on it. So I alerted people. Thanks for the lecture.

  7. Moogle Stiltzkin
    Member
    Posted 2 years ago #

    thx for the security alert, it's much appreciated, my hat off to you kind sir :}

Topic Closed

This topic has been closed to new replies.
