or root. This could lead to the deletion of important data or even the installation of a malicious plugin. You can avoid this risk by only setting the cursor value through the WP admin panel or by using the predefined type=”wp_cursor” value. WordPress versions below 4.9 are also at risk because the WP plugin through 3.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin or root.

Bypass wp_reset_auth_cookie

The wp_reset_auth_cookie function is used to reset the authentication cookie. If this function is bypassed, the plugin could be used as a backdoor to access the data of other users who are logged in to WordPress.

Timeline

Published on: 10/17/2022 12:15:00 UTC
Last modified on: 10/20/2022 14:53:00 UTC

References