Description
WordPress Plugin stripShow is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin stripShow version 2.5.2 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly sanitised, or disable the plugin until a fix is available.