Cross-site scripting vulnerability in wordpress plugin wp-menu-creator

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin wp-menu-creator due to a failure to...

WordPress Plugin Menu Creator 1.1.7 - SQL Injection

WordPress Plugin Menu Creator 1.1.7 - SQL Injection Exploit Title: WordPress Menu Creator plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- $menuid = $GET'menuid'; ... $firstitem = $wpdb-getrow"SELECT FROM " . $wpdb-prefix."menuitems WHERE...