WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. SQL injection vulnerability exists in versions of WordPress StaffList plugin prior to 3.1.5, which stems from the fact that parameters entered by search employees in the admin dashboard are not properly cleaned and escaped when used to stitch SQL statements are not properly cleaned and escaped. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress stafflist plugin | lt | 3.1.5 |