WordPress Fluent Support plugin <= 1.5.7 - Authenticated SQL Injection (SQLi) vulnerability
PSID
7c50d12de180
Classification
SQL Injection
OWASP Top 10
A1: Injection
Required privilege
Requires high role user authentication like admin.
Publicly disclosed
2022-08-02
Patchstack vPatch available since
09.12.2021
Details
Authenticated SQL Injection (SQLi) vulnerability discovered by Rafshanzani Suhada in WordPress Fluent Support plugin (versions <= 1.5.7).
Solution
Update the WordPress Fluent Support plugin to the latest available version (at least 1.5.8).
References
Vulnerability details