WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 SQLI
Impact: High
Description
SQL injection is a type of attack where malicious SQL queries are inserted into input data, allowing attackers to manipulate the database. Successful exploitation can lead to data theft, modification of database records, unauthorized access, and even control over the entire database management system (DBMS).
Recommendation
Update or remove the affected plugin.
References
- CWE-20
- CWE-89
- OWASP 2021-A3
- OWASP 2021-A6
- OWASP: ESAPI project
- OWASP: SQL Injection
- Wikipedia: Prepared statement
- WordPress
- WordPress: WP Support Plus Responsive Ticket System
👉 You might also like:
WordPress Plugin JTRT Responsive Tables 4.1 SQLI - Vulnerability
WordPress Plugin WP Fastest Cache 0.8.4.8 Blind SQLI - Vulnerability
WordPress Plugin WP Statistics 13.0.7 Time Based SQLI - Vulnerability
WordPress Plugin Bannerize 2.8.6 SQLI - Vulnerability
Last updated on May 13, 2024