|CERT-In Vulnerability Note
SQL Injection Vulnerability in WordPress
Original Issue Date:November 08, 2017
Severity Rating: MEDIUM
- WordPress 4.8.2 and earlier.
A vulnerability has been reported in WordPress, which could be exploited by remote attacker to conduct an SQL injection attack on a targeted system.
1. SQL injection Vulnerability
This vulnerability exists due to insufficient security restrictions and improper processing of user-supplied input by the affected application. A remote attacker could exploit this vulnerability by submitting crafted queries to the affected application.
Successful exploitation of this vulnerability could allow an attacker to conduct an SQL injection attack, which could be used to access sensitive information on the system.
Apply appropriate fixes as issued by vendor in the following link
The information provided herein is on "as is" basis, without warranty of any kind.
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003