WP < 6.0.2 – SQLi via Link API
Description
The get_bookmarks() function does not validate and escape a parameter before using it in a SQL statement, which could lead to SQL injection when user input is passed to it directly or, for example, via wp_list_bookmarks().
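A caller-side hardening sketch for themes and plugins that build Link API arguments from request data, added here as an example and not taken from WordPress core or from this advisory. The advisory does not name the affected parameter, so the helper constrains every request-derived argument; the helper name `example_safe_bookmark_args`, the sort-key allowlist and the 100-row cap are assumptions.

```php
<?php
// Added example: hypothetical theme/plugin helper, not WordPress core code.
// Every request-derived value is coerced to an integer or mapped onto an
// allowlisted token before it reaches get_bookmarks()/wp_list_bookmarks().

function example_safe_bookmark_args( array $input ) {
    // Sort keys this site chooses to expose (assumed allowlist).
    $allowed_orderby = array( 'name', 'url', 'id', 'rating', 'updated' );

    // Treat non-string values (e.g. orderby[]=x) as absent.
    $orderby = ( isset( $input['orderby'] ) && is_string( $input['orderby'] ) )
        ? sanitize_key( $input['orderby'] )
        : 'name';
    if ( ! in_array( $orderby, $allowed_orderby, true ) ) {
        $orderby = 'name';
    }

    // Only two sort directions are possible; anything else falls back to ASC.
    $order = ( isset( $input['order'] ) && is_string( $input['order'] )
        && 'DESC' === strtoupper( $input['order'] ) ) ? 'DESC' : 'ASC';

    // Numeric arguments: force to a non-negative integer and cap the size.
    $limit = ( isset( $input['limit'] ) && is_scalar( $input['limit'] ) )
        ? absint( $input['limit'] )
        : 0;
    if ( $limit < 1 || $limit > 100 ) {
        $limit = 20; // assumed default page size
    }

    // Category IDs: wp_parse_id_list() returns unique non-negative integers.
    $category = isset( $input['category'] )
        ? wp_parse_id_list( $input['category'] )
        : array();

    return array(
        'orderby'  => $orderby,
        'order'    => $order,
        'limit'    => $limit,
        'category' => implode( ',', $category ),
        'echo'     => 0,
    );
}

// Template usage: only the filtered array is passed to the Link API.
echo wp_list_bookmarks( example_safe_bookmark_args( wp_unslash( $_GET ) ) );
```

This narrows what a caller can hand to the Link API; it does not replace running a WordPress version outside the affected range given in the title.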
References