GigPress <= 2.3.28 - Subscriber+ SQLi

The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks

N/A

N/A

WordPress Plugin GigPress SQL注入漏洞

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin GigPress 2.3.28之前版本存在SQL注入漏洞，该漏洞源于该插件在使用SQL 语句之前不会验证和转义它的一些短代码属性，导致SQL 注入。

N/A

N/A