WordPress Plugin LeagueManager 3.8 SQLI

Impact: High

Description

An SQL Injection vulnerability exists in the league_id parameter of a function call made by the leaguemanager_export page.

Recommendation

To mitigate the risk, update the affected plugin to a secure version. If an update is not available or feasible, consider removing the plugin from your WordPress installation.

References

CVE-2013-1852
LeagueManager Plugin
OWASP 2021-A6
WordPress

👉 You might also like:

WordPress Plugin AdRotate 3.6.5 SQLI - CVE-2011-4671

WordPress Plugin AdRotate 3.6.6 SQLI - CVE-2011-4671

WordPress Plugin AdRotate 3.9.4 SQLI - CVE-2014-1854

WordPress Plugin All Video Gallery 1.1 SQLI - CVE-2012-6653

Last updated on May 13, 2024

WordPress Plugin LeagueManager 3.8 SQLI

Description

Recommendation

References

This issue is available in SmartScanner Professional