Exploit SQL injection and XSS in function data engine converter #53
Comments
Thank you for the input @quanhx11! I'm going to have to edit your comment to hide the exploit details until we release a fix, and afterwards I'll put it back. Stay tuned! 😎
tks bro, contact me if you have any questions 👍
@quanhx11 we used the $wpdb->prepare() method to fix this issue. The new version will be released in the next few days.
Hi @optimocha, I requested a CVE ID for this bug. Can you publicize this exploit? Thank you.
@quanhx11 looks like it's already publicized: https://wpscan.com/vulnerability/4a27d374-f690-4a8a-987a-9e0f56bbe143
A SQL Injection vulnerability and Cross Site Scripting caused SQL Injection vulnerability exists in version 4.3.2 of the Speed Booster Pack plugin for WordPress when MySQL or MariaDB is used as the application database.
(Redacted temporarily)
SOLUTION: