WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. A SQL injection vulnerability exists in versions of the WordPress Ubigeo de Peru plugin prior to version 3.6.4, which stems from the fact that certain parameters passed by the plugin through AJAX operations are not properly cleaned and escaped before being used to stitch together SQL statements are not properly cleaned and escaped before being used to stitch together SQL statements. An unauthenticated attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress ubigeo de peru | lt | 3.6.4 |