WordPress Plugin Vulnerabilities
Hide My WP < 6.2.4 - Unauthenticated SQL Injection
Description
The plugin does not escape the IP address (retrieved via headers such as X-Forwarded-For) before using it in a SQL statement, leading to an SQL injection
Affects Plugins
References
CVE
Classification
Type
SQLI
OWASP top 10
CWE
CVSS
Miscellaneous
Verified
No
WPVDB ID
Timeline
Publicly Published
2021-11-24 (about 2 years ago)
Added
2021-11-24 (about 2 years ago)
Last Updated
2022-04-10 (about 2 years ago)