SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and previous versions for WordPress allows remote malicious users to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
andrew_charlton my_category_order |
||
andrew_charlton my_category_order 2.7.1 |
||
andrew_charlton my_category_order 2.7 |
||
andrew_charlton my_category_order 2.6.1a |
||
andrew_charlton my_category_order 2.6.1 |