An SQL injection vulnerability has been identified in pre-2.3.1 Magento code. An unauthenticated user can execute arbitrary code through an SQL injection vulnerability, which causes sensitive data leakage.
To quickly protect your store from this vulnerability only, install patch PRODSECBUG-2198. To protect against this vulnerability and others, you must upgrade to Magento Commerce or Open Source 2.3.1 or 2.2.8.
Upgrade to the latest version of Magento. Magento released version 2.3.1, along with patched versions for 2.2.x, 2.1.x, and 1.1.
WordPress Plugin WP Photo Album Plus 'wppa-album' Parameter SQL Injection (4.1.1)
WordPress Plugin WassUp Real Time Analytics 'spy.php' SQL Injection (1.4.3)
WordPress Plugin WP Session Manager SQL Injection (1.2.1)
WordPress Plugin Wordpress Poll SQL Injection (36)
WordPress Plugin Migration, Backup, Staging-WPvivid SQL Injection (0.9.52)