Because of these vulnerabilities, administrators can execute arbitrary SQL commands via the “itemid” parameter in the wonderplugin_audio_show_item. In addition, an authenticated user can execute arbitrary SQL commands via the “item[id]” parameter in a wonderplugin_audio_save_item action sent to wp-admin/admin-ajax.php.
Update the plugin.
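
Until the update is applied, requests can be screened for the two parameters named above. The following is an added example, not code from the plugin or from the original advisory: it flags any `itemid` or `item[id]` value that is not a plain integer. It assumes legitimate ids are decimal integers and that requests are available as URL-encoded query strings or form bodies; the function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Parameter names taken from the advisory text.
ID_PARAMS = ("itemid", "item[id]")
# Assumption: a legitimate id is a plain ASCII decimal integer (optional minus sign).
_INT_RE = re.compile(r"-?[0-9]{1,10}")


def suspicious_ids(encoded):
    """Return (param, value) pairs whose id value is not a plain integer.

    `encoded` is a URL query string or an application/x-www-form-urlencoded
    body. parse_qsl percent-decodes names, so item%5Bid%5D matches item[id].
    Every occurrence is checked, because PHP keeps the last duplicate and a
    filter that only inspects the first one can be bypassed.
    """
    hits = []
    for name, value in parse_qsl(encoded, keep_blank_values=True):
        if name in ID_PARAMS and not _INT_RE.fullmatch(value):
            hits.append((name, value))
    return hits


def scan(requests):
    """Return the indexes of requests that carry a non-integer id."""
    return [i for i, req in enumerate(requests) if suspicious_ids(req)]


# Constructed sample requests (not captured traffic).
SAMPLES = [
    "action=wonderplugin_audio_save_item&item%5Bid%5D=12",
    "action=wonderplugin_audio_save_item&item%5Bid%5D=12+OR+1%3D1",
    "itemid=3",
    "itemid=3%27",
    "action=wonderplugin_audio_save_item&item[id]=5&item[id]=5%20--",
]

if __name__ == "__main__":
    for i in scan(SAMPLES):
        print("non-integer id:", suspicious_ids(SAMPLES[i]))
```
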
CPE:

Name | Operator | Version
---|---|---
audio player | le | 2.0