WordPress ProPlayer Plugin 'playlist-controller.php' Parameter SQL Injection Vulnerability

The ProPlayer plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

ProPlayer 4.7.7 SQL Injection

Exploit Title: ProPlayer plugin tablePrefix."proplayerplaylist WHERE POSTID='$id'"; $playlistRow = mysqlfetchrow$query; return $this-withBackwardCompatibility$playlistRow2; ... if !empty$GET"ppplaylistid" header"Content-type: application/xml"; $xml =...