Description
WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup is prone to an arbitrary SQL query execution vulnerability. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup version 4.16.38 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.17.38 or later.
References
https://codesymphony.co/arbitrary-sql-and-php-execution-in-wordpress-plugin-via-shortcode/
https://plugins.svn.wordpress.org/elisqlreports/trunk/readme.txt