WordPress is a blogging platform from the WordPress Foundation, developed in PHP. WordPress Zero Spam is an open source WordPress plugin. Versions of the WordPress Zero Spam plugin prior to 5.2.11 contain a SQL injection vulnerability. The plugin does not properly sanitize and escape the order and orderby parameters before using them in SQL statements in the administration dashboard, which attackers can exploit to execute illegal SQL commands and steal sensitive database data.
CPE Name | Operator | Version
---|---|---
wordpress zero spam plugin | lt | 5.2.11
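
The bug class described above, shown as an added example that is not the plugin's own code: a sort column and direction taken from the request cannot be bound as prepared-statement parameters, so the fix is to map them through an allowlist. The table name `wp_example_log`, the column names and both function names are hypothetical.

```php
<?php
// Added illustration; not the Zero Spam plugin's code.
// Table and column names are hypothetical.

// Vulnerable pattern: request values concatenated straight into ORDER BY.
function build_query_unsafe(array $req): string {
    $orderby = $req['orderby'] ?? 'date_recorded';
    $order   = $req['order'] ?? 'desc';
    return "SELECT * FROM wp_example_log ORDER BY $orderby $order";
}

// Hardened pattern: only known column names and ASC/DESC ever reach the SQL.
function build_query_safe(array $req): string {
    $columns = ['date_recorded', 'user_ip', 'log_type']; // hypothetical allowlist
    $orderby = $req['orderby'] ?? '';
    $order   = $req['order'] ?? '';

    // Reject non-strings (e.g. orderby[]=x) and anything not in the allowlist.
    if (!is_string($orderby) || !in_array($orderby, $columns, true)) {
        $orderby = 'date_recorded';
    }
    // Direction is reduced to one of two literals, never echoed back.
    $order = (is_string($order) && strtolower($order) === 'asc') ? 'ASC' : 'DESC';

    return "SELECT * FROM wp_example_log ORDER BY `$orderby` $order";
}

// Constructed request parameters for demonstration.
$samples = [
    ['orderby' => 'user_ip', 'order' => 'asc'],             // legitimate sort
    ['orderby' => 'user_ip, (SELECT 1)', 'order' => 'asc'], // extra SQL in column
    ['orderby' => ['x'], 'order' => 'sideways'],            // wrong types/values
];

// The unsafe builder passes the extra SQL through unchanged.
echo 'unsafe: ', build_query_unsafe($samples[1]), PHP_EOL;

// The safe builder falls back to the default column and direction.
foreach ($samples as $req) {
    echo 'safe:   ', build_query_safe($req), PHP_EOL;
}
```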