2021-11-08 17:34:50
WPScan
PUBLISHED
The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an id GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection