Important: Update App Builder to Version 4.3.4 or Later to Fix ‘app-builder-search’ Parameter SQL Injection Vulnerability

The vulnerability only affects websites where FULLTEXT search has been manually enabled for the post_title and post_content columns. This is done using the following SQL command:

ALTER TABLE wp_posts ADD FULLTEXT(post_title, post_content);

This issue is specific to installations that use the default wp_ table prefix.

Potential Risk:

If FULLTEXT search is enabled for post_title and post_content in your database, an attacker could potentially access sensitive information such as the database name and username using functions like DATABASE() or USER().
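The following is an added example, not App Builder's own code, illustrating the general pattern behind the advisory from the site owner's side: a check for whether wp_posts carries the FULLTEXT index that makes a site affected, the unsafe shape of a MATCH ... AGAINST query that interpolates a request parameter, and the parameterised form using WordPress's $wpdb->prepare(). It assumes the standard $wpdb global and the default wp_ prefix; the function names are illustrative, and since the advisory gives no detail of App Builder's actual query, the unsafe function only shows the generic pattern.

```php
<?php
// Added example (not App Builder's own code). Assumes WordPress's global $wpdb
// and the default wp_ prefix; the example_* function names are hypothetical.

// 1. Am I affected? Report whether wp_posts carries a FULLTEXT index covering
//    post_title and post_content, i.e. whether the ALTER TABLE above was ever run.
function example_posts_have_fulltext_index() {
    global $wpdb;
    $rows = $wpdb->get_results(
        "SHOW INDEX FROM {$wpdb->posts} WHERE Index_type = 'FULLTEXT'",
        ARRAY_A
    );
    $columns = array_map( fn( $row ) => $row['Column_name'], (array) $rows );
    return in_array( 'post_title', $columns, true )
        && in_array( 'post_content', $columns, true );
}

// 2. Unsafe shape: the request parameter is concatenated straight into the
//    AGAINST() string literal, so the search term is parsed as part of the
//    SQL statement instead of being treated as a single value.
function example_search_unsafe( $term ) {
    global $wpdb;
    $sql = "SELECT ID, post_title FROM {$wpdb->posts}
            WHERE post_status = 'publish'
              AND MATCH(post_title, post_content) AGAINST('{$term}' IN BOOLEAN MODE)";
    return $wpdb->get_results( $sql );
}

// 3. Hardened shape: $wpdb->prepare() binds the term through a %s placeholder,
//    so whatever the caller sends stays a string value. The length cap and the
//    LIMIT are additional sanity bounds on what one request can do.
function example_search_safe( $term ) {
    global $wpdb;
    $term = mb_substr( wp_unslash( (string) $term ), 0, 200 );
    $sql  = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_status = 'publish'
           AND MATCH(post_title, post_content) AGAINST(%s IN BOOLEAN MODE)
         LIMIT %d",
        $term,
        50
    );
    return $wpdb->get_results( $sql );
}

// Usage inside a WordPress context, e.g. from a request handler:
//   $affected = example_posts_have_fulltext_index();
//   $results  = example_search_safe( isset( $_GET['q'] ) ? $_GET['q'] : '' );
```

The index check is the practical "am I in scope" test for this advisory: if it returns false, the FULLTEXT-dependent path cannot be reached, but the page's recommendation to update regardless still stands. Keeping the table name out of the bound arguments and binding only the user-supplied term is the standard $wpdb->prepare() pattern; the table name comes from $wpdb->posts, which WordPress itself controls.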

Recommendation:

Regardless of whether you have enabled FULLTEXT search or not, we strongly recommend updating to the latest version of App Builder to ensure your website’s security.

Regarding search with ?app-builder-search

The ?app-builder-search feature was originally developed as an experimental tool to speed up search functionality on WordPress websites. However, it was never fully implemented and is not used in the Cirilla app.

Upcoming Developments:

We are excited to announce the development of a new plugin called “Search Filter Pro.” This plugin will address search issues on large websites and provide enhanced search and filter functionality, especially optimized for mobile devices.

App Builder version 5.x

In the upcoming version, we are refactoring App Builder to enhance performance. Key improvements include:

  • Fixes: Addressing warnings from plugin checkers.
  • Dependency Management: Loading dependencies only when necessary.
  • Feature Management: Loading features and integrations only when enabled.
  • Code Restructuring: Rebuilding the code and structure for better efficiency.
