The G Auto-Hyperlink WordPress plugin through 1.0.1 does...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Description
Published by the National Vulnerability Database
Nov 8, 2021
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Jan 30, 2023
The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection
References