WP < 6.0.2 – SQLi via Link API
Description

The get_bookmarks() function does not validate and escape a parameter before using it in a SQL statement. This could lead to SQL injection when user input is passed to the function directly or, for example, via wp_list_bookmarks().
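For theme or plugin code that forwards request data to these functions, the following added example (not WordPress core code and not from this advisory) normalizes every caller-supplied argument before it reaches get_bookmarks() or wp_list_bookmarks(). The advisory does not name the affected parameter, so the helper covers the sort, limit and category arguments together; the helper name, the allowlist and the numeric bounds are assumptions.

```php
<?php
// Added example, not WordPress core code. example_safe_bookmark_args() is a
// hypothetical helper name; the limits and allowlist are assumed site policy.
function example_safe_bookmark_args( array $input ) {
	// Sort keys this site accepts; anything else falls back to 'name'.
	$allowed_orderby = array( 'name', 'url', 'rating', 'updated', 'link_id' );

	$orderby = 'name';
	if ( isset( $input['orderby'] ) && is_string( $input['orderby'] ) ) {
		$candidate = strtolower( trim( $input['orderby'] ) );
		if ( in_array( $candidate, $allowed_orderby, true ) ) {
			$orderby = $candidate;
		}
	}

	// Sort direction is one of two literals, never the raw request string.
	$order = 'ASC';
	if ( isset( $input['order'] ) && is_string( $input['order'] )
		&& 'DESC' === strtoupper( trim( $input['order'] ) ) ) {
		$order = 'DESC';
	}

	// Numeric values are forced to integers and clamped (1..100, default 20).
	$limit = 20;
	if ( isset( $input['limit'] ) && is_scalar( $input['limit'] ) ) {
		$limit = min( 100, max( 1, absint( $input['limit'] ) ) );
	}

	// Category filter: reduce the input to a comma-separated list of
	// non-negative integers, so "1,2,abc" becomes "1,2,0".
	$category = '';
	if ( isset( $input['category'] ) && is_string( $input['category'] ) ) {
		$category = implode( ',', wp_parse_id_list( $input['category'] ) );
	}

	// Only these normalized keys are returned; unknown request keys are dropped.
	return array(
		'orderby'  => $orderby,
		'order'    => $order,
		'limit'    => $limit,
		'category' => $category,
	);
}

// Template usage (constructed): request data goes through the helper first.
// wp_list_bookmarks( example_safe_bookmark_args( wp_unslash( $_GET ) ) );
```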
