WordPress is the WordPress Foundation’s suite of blogging platforms developed using the PHP language. A SQL injection vulnerability exists in the Wordpress Orange Form Plugin 1.0 and earlier versions, which originates in the product admin/orange-form-email.php file in the process_bulk_action function does not validate special characters in user input data. An attacker could exploit this vulnerability to execute malicious SQL.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress orange form plugin | le | 1.0 |