Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Wicked Folders < 2.18.10 - Subscriber+ SQL Injection
Vulnerability Description
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user. leading to an SQL injection
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress plugin SQL注入漏洞
Vulnerability Description
WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin Wicked Folders 2.8.10版本存在SQL注入漏洞,该漏洞源于没有对older_id参数进行过滤和转义,使得任何经过身份验证的用户都可以进行SQL注入。
CVSS Information
N/A
Vulnerability Type
N/A