API Security Blog

WP < 6.0.2 – SQLi via Link API

The get_bookmarks() function does not validate and escape a parameter before using it in a SQL statement, which could lead to SQL injection when user input is passed to it directly or, for example, via wp_list_bookmarks().
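A caller-side hardening sketch for theme or plugin code that forwards request data to the Link API. This is an added example, not WordPress core code or the vendor's patch. The advisory does not name the affected parameter, so the hypothetical helper `example_safe_bookmark_args()` constrains each argument it forwards; the default values and the cap of 100 are assumptions.

```php
<?php
// Added example: hypothetical helper, not part of WordPress core.
// Builds get_bookmarks()/wp_list_bookmarks() arguments from untrusted input
// so that only allowlisted keywords and integers reach the SQL statement.
function example_safe_bookmark_args( array $input ): array {
    // Subset of the orderby keys documented for get_bookmarks().
    $orderby_allowed = array( 'name', 'url', 'rating', 'updated', 'id', 'owner', 'rand' );
    $args            = array();

    // orderby: accept only a known key, otherwise use a fixed default.
    $orderby = ( isset( $input['orderby'] ) && is_string( $input['orderby'] ) )
        ? sanitize_key( $input['orderby'] )
        : 'name';
    $args['orderby'] = in_array( $orderby, $orderby_allowed, true ) ? $orderby : 'name';

    // order: emit one of two literals, never the caller's string.
    $order = ( isset( $input['order'] ) && is_string( $input['order'] ) )
        ? strtoupper( $input['order'] )
        : 'ASC';
    $args['order'] = ( 'DESC' === $order ) ? 'DESC' : 'ASC';

    // limit: force an integer and clamp it (1..100 is an assumed policy).
    $limit = ( isset( $input['limit'] ) && is_scalar( $input['limit'] ) )
        ? (int) $input['limit']
        : 10;
    $args['limit'] = max( 1, min( 100, $limit ) );

    // category / include / exclude: reduce to comma-separated positive integers.
    foreach ( array( 'category', 'include', 'exclude' ) as $key ) {
        if ( isset( $input[ $key ] ) && is_string( $input[ $key ] ) ) {
            $ids = wp_parse_id_list( $input[ $key ] );
            if ( ! empty( $ids ) ) {
                $args[ $key ] = implode( ',', $ids );
            }
        }
    }

    // Keys not handled above (e.g. search, category_name) are dropped entirely.
    return $args;
}

// In a template: the raw superglobal never reaches the Link API.
wp_list_bookmarks( example_safe_bookmark_args( wp_unslash( $_GET ) ) );
```

This complements, and does not replace, running a release at or above 6.0.2.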
