Email Before Download < 3.4.1 - SQL Injection



Description
Email Before Download (https://wordpress.org/plugins/email-before-download/) before version 3.4.1 was vulnerable to several SQL injections.

Affects Plugin

fixed in version 3.4.1

References

URL https://plugins.trac.wordpress.org/changeset/1208641
URL https://plugins.trac.wordpress.org/browser/email-before-download/tags/3.4.1/readme.txt?rev=2297345#L112

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Submitter Clément Notin
Submitter Website https://clement.notin.org
Submitter Twitter cnotin
Views 797
Verified No
WPVDB ID 10211

Timeline

Publicly Published 2015-07-28 (almost 5 years ago)
Added 2020-05-04 (2 months ago)
Last Updated 2020-05-11 (about 2 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin