The `c` GET parameter of the Comment Highlighter WordPress plugin, up to and including version 0.13, is not properly sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection.
Vulnerable Product |
---|
comment highlighter project comment highlighter |