Category : exploits

Description Blind time-based SQL injection, combined with lack of permission check resulted in an unauthorised attack which can be performed by any user on the site (including subscriber profiles). 1. Lack of permission check in settings import Similar to our recent analysis, this vulnerability was also caused due to lack of permission check on plugin settings ..

Read more