CVE-2020-11530: WordPress plugin vulnerability

Share this with people that should know this:

A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.

References

  • seclists.org/fulldisclosure/2020/May/26
  • packetstormsecurity.com/files/157607/WordPress-ChopSlider-3-SQL-Injection.html
  • github.com/idangerous/Plugins/tree/master/Chop%20Slider%203
  • idangero.us/
  • Share this with people that should know this: