Description
WordPress Plugin MicroCopy is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin MicroCopy version 1.1.0 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly sanitised, or disable the plugin until a fix is available.