Description
SQL injection is an attack in which malicious SQL is inserted into input data that the application uses to build a database query, allowing attackers to manipulate the database. Successful exploitation can lead to data theft, modification of database records, unauthorized access, and even control over the entire database management system (DBMS).
Recommendation
Update or remove the affected plugin.
References
- WordPress: Google Doc Embedder
- OWASP: SQL Injection
- OWASP: ESAPI project
- Wikipedia: Prepared statement
- WordPress
- CVE-2014-9173
- CWE-20
- CWE-89
- CAPEC-66
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- WordPress Plugin Google Document Embedder 2.5.14 SQLI - CVE-2014-9173
- WordPress Plugin AdRotate 3.9.4 SQLI - CVE-2014-1854
- WordPress Plugin Smart Google Code Inserter 3.5 SQLI - CVE-2018-3810
- WordPress Plugin AdRotate 3.6.5 SQLI - CVE-2011-4671
Tags
- WordPress
- SQLI
- Injection
Last updated on May 13, 2024