WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin Users Ultra has a SQL injection vulnerability, which stems from the inability to properly clean and escape the data_target parameter, insert it into a SQL statement, and execute it via rating_vote AJAX operation, which can be exploited by attackers to resulting in SQL injection.
CPE | Name | Operator | Version |
---|---|---|---|
WordPress Users Ultra | eq | 3.1.0 |