Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-43221
HistoryApr 27, 2022 - 12:00 a.m.

WordPress插件Users Ultra SQL注入漏洞

2022-04-2700:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
JSON

WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin Users Ultra has a SQL injection vulnerability, which stems from the inability to properly clean and escape the data_target parameter, insert it into a SQL statement, and execute it via rating_vote AJAX operation, which can be exploited by attackers to resulting in SQL injection.

CPENameOperatorVersion
WordPress Users Ultraeq3.1.0
JSON