Sql injection

2020-01-0806:15:00

PRIOn knowledge base

www.prio-n.com

9.6 High

AI Score

Confidence

High

0.277 Low

EPSS

Percentile

96.8%

JSON

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).

CPENameOperatorVersion
email_subscribers_\\&_newsletterslt4.3.1

CPE	Name	Operator	Version
	email_subscribers_\\&_newsletters	lt	4.3.1

References

packetstormsecurity.com/files/158568/WordPress-Email-Subscribers-And-Newsletters-4.2.2-SQL-Injection.html

wpvulndb.com/vulnerabilities/9947

www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin/