WordPress Plugin WP Statistics 13.0.7 Time Based SQLI

Description

SQL injection is a type of attack where malicious SQL queries are inserted into input data, allowing attackers to manipulate the database. Successful exploitation can lead to data theft, modification of database records, unauthorized access, and even control over the entire database management system (DBMS).

Recommendation

Upgrade to wp-statistics 13.0.8 (or above)

References

• WP Statistics
• OWASP: SQL Injection
• OWASP: ESAPI project
• Wikipedia: Prepared statement
• WordPress
• CWE-20
• CWE-89
• CAPEC-66
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• WordPress Plugin WP Fastest Cache 0.8.4.8 Blind SQLI - Vulnerability
• WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 SQLI - Vulnerability
• WordPress Plugin Bannerize 2.8.6 SQLI - Vulnerability
• WordPress Plugin Bannerize 2.8.7 SQLI - Vulnerability

Tags:

Wordpress

SQLI

Injection