LoginPress <= 1.1.13 - Unauthorized Blind SQL Injection

Affects Plugin

References

CVE 2019-15872
CVE 2019-15871
URL https://www.webarxsecurity.com/loginpress-plugin/

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Luka Sikic
Submitter Luka Sikic
Submitter Website https://www.webarxsecurity.com/
Submitter Twitter webarx_security
Views 3880
Verified No
WPVDB ID 9348

Timeline

Publicly Published 2018-11-29 (over 1 year ago)
Added 2019-06-17 (about 1 year ago)
Last Updated 2019-11-28 (8 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin