CVE-2018-12636
The CVE concerns WordPress iThemes Security (better-wp-security) plugin, prior to version 7.0.3. An authenticated admin can exploit an SQL injection via the itsec-logs page (log-orderby parameter) due to improper handling of the ORDER BY clause, enabling arbitrary SQL execution. Remediation: upgr...