The MainWP Child WordPress plugin prior to 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mainwp mainwp child |