Description
WordPress Plugin Ajax Category Dropdown is prone to multiple SQL injection vulnerabilities and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Ajax Category Dropdown version 0.1.5 is vulnerable; other versions may also be affected.
Remediation
Edit the source code to ensure that input is properly sanitised, or disable the plugin until a fix is available.