Description
SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Author Image Information Disclosure (1.5)
WordPress Plugin WP Data Access Security Bypass (5.1.3)
WordPress Plugin Chat Cross-Site Scripting (1.0.8)
WordPress Plugin WP REST API (WP API) Cross-Site Request Forgery (1.1)
WordPress Plugin Comprehensive Google Map Cross-Site Request Forgery (9.1.3)