The Bestbooks WordPress plugin, in versions up to and including 2.6.3, does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL injection exploitable by unauthenticated users.
Vulnerable Product |
---|
presspage bestbooks |