WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports hosting personal blogging sites on PHP and MySQL servers. A SQL injection vulnerability exists in versions of the WordPress plugin WP User Frontend prior to 3.5.26. It stems from the fact that the plugin does not validate and escape the status parameter before using it in a SQL statement in the subscription server dashboard. An attacker could exploit this vulnerability to execute illegal SQL commands.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | WordPress1 WP User Frontend Plugin | lt | 3.5.26 |