Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 up to and including 1.4.3 for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wassup plugin 1.4 |
||
wordpress wassup plugin |