2 matches found
WordPress iThemes Security Plugin SQL Injection (CVE-2018-12636)
A SQL injection vulnerability exists in WordPress iThemes Security Plugin . Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2018-12636
The CVE concerns WordPress iThemes Security (better-wp-security) plugin, prior to version 7.0.3. An authenticated admin can exploit an SQL injection via the itsec-logs page (log-orderby parameter) due to improper handling of the ORDER BY clause, enabling arbitrary SQL execution. Remediation: upgr...