The myCred WordPress plugin prior to 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mycred mycred |