Information disclosure

2023-05-3008:15:00

PRIOn knowledge base

www.prio-n.com

information disclosure

fast & effective popups

lead-generation

wordpress

sql injection

report api

multi-site configuration

sensitive information

database

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.8%

JSON

The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin’s report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site’s database.