Required CVE Record Information
Description
The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings.
Credits
- Nguyen Van Khanh - SunCSR (Sun* Cyber Security Research) finder
- WPScan coordinator
References 1 Total
- https://wpscan.com/vulnerability/5ee77dd7-5a73-4d4e-8038-23e6e763e20c/ exploitvdb-entrytechnical-description
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 1 Total
- https://wpscan.com/vulnerability/5ee77dd7-5a73-4d4e-8038-23e6e763e20c/ exploitvdb-entrytechnical-descriptionx_transferred