CVE-2020-25379: WordPress vulnerability

WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the ‘Manufacturer[]’ parameter which allows an authenticated attacker to inject a malicious SQL query.

References

  • zeroaptitude.com/misha/wordpress-plugin-bug-hunting-part-2/
  • Share this info: