A critical blind SQL vulnerability has been discovered in the WordPress Plugin Related Sites plugin. User input is not being sanitized in BTE_RW_webajax.php file (line 27), therefore the attacker can inject SQL via POST.
Update plugin.
CPE | Name | Operator | Version |
---|---|---|---|
related sites | le | 2.1 |