ThreatPress

WordPress Vulnerabilities Database

WordPress Paid Business Listings Plugin 1.0.2 - Blind SQL Injection

Product
Paid Business Listings
Description
The WordPress Paid Business Listings plugin is prone to a blind SQL injection. Input from the form submission is not properly sanitized before it is used in a SQL query. The outcome is observable as a true/false signal: when the injected statement is false, the listing does not appear on the business listings page; when it is true, the listing appears.
Solution
Update the plugin.
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.0.2
Fixed In 1.0.3
Disclosure date
2012-06-30
Credits
Chris Kellum