WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. The WordPress plugin CP Image Store with Slideshow version 1.0.68 has a SQL injection vulnerability, which is caused by the plugin’s failure to filter and escape the query parameter ordering_by is not filtered and escaped before. An unauthenticated attacker could use this vulnerability to perform SQL injection attacks.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress cp image store with slideshow | lt | 1.0.68 |