ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Gift Voucher plugin <=1.0.5 - Authenticated Blind SQL Injection (SQLi) vulnerability

Product
Gift Vouchers
Description
Authenticated Blind SQL Injection (SQLi) vulnerability found by Renos Nikolaou in WordPress Gift Voucher plugin (versions <=2.0.1).
Solution
2018.09.01 - we were unable to find information about fixed vulnerability.
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Plugin changelog
Exploit DB
CVE
Name CVE-2018-16159
Versions
Affected In <=1.0.5
Disclosure date
2018-09-01
Credits
Renos Nikolaou
Submitter
ThreatPress