The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin prior to 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
frenify mediamatic |