User Control - Unauthenticated SQL Injection



Description
The User Control plugin has a vulnerability that allows every (unauthenticated) website visitor to perform arbitrary SQL queries.

Affects Plugin

References

URL https://gist.github.com/JustThomas/cc6251400b2f7f4f7d4ed900798e9364

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Submitter JustThomas
Submitter Website https://github.com/JustThomas
Views 4328
Verified No
WPVDB ID 9019

Timeline

Publicly Published 2018-01-28 (over 1 year ago)
Added 2018-01-29 (over 1 year ago)
Last Updated 2018-01-29 (over 1 year ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin