Description

WordPress Plugin Master Slider-Responsive Touch Slider is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Master Slider-Responsive Touch Slider version 2.5.1 is vulnerable; prior versions may also be affected.

Remediation

Update to the latest version

References

http://cinu.pl/research/wp-plugins/mail_e4550983d80f61073b08bf87da1e442e.html

Related Vulnerabilities

WordPress Plugin WordPress Calls to Action Cross-Site Scripting (2.2.7)

WordPress Plugin LearnPress-WordPress LMS Cross-Site Scripting (4.1.3.1)

WordPress Plugin Cryptocurrency Widgets Pack SQL Injection (1.8.1)

WordPress Plugin Post Grid, List for WordPress-Content Views Cross-Site Scripting (1.9.0)

WordPress Plugin Thrive Ovation Security Bypass (2.4.4)

Severity

High

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Tags

Missing Update SQL Injection