Source: patchstack
Author: Dimitrios Tsagkarakis
ID: PATCHSTACK:9EEDD3886253EF681C8A561F1AF0C50D
Date: Jun 03, 2017 - 12:00 a.m.

WordPress WP-Testimonials plugin <=3.4.1 - SQL Injection vulnerability

EPSS: 0.001 (Low), percentile 46.8%

The WordPress WP-Testimonials plugin is prone to an SQL injection vulnerability. The vulnerability allows an authenticated user to execute arbitrary SQL commands via the "testid" parameter to wp-admin/admin.php.

Solution

The WordPress WP-Testimonials plugin was removed from the WordPress plugin directory. We suggest you deactivate and remove the plugin for safety reasons.

Update (06.26.2017): the plugin is still not available on the WordPress plugin directory, and the plugin vendor website is unreachable.

CPE

Name             Operator  Version
wp-testimonials  le        3.4.1
