WordPress Plugin Vulnerabilities

Double Opt-In for Download < 2.1.0 - Authenticated SQL Injection

Description

The double-opt-in-for-download WordPress plugin was affected by an Authenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
double-opt-in-for-download
Fixed in 2.1.0

References

URL
https://security.szurek.pl/double-opt-in-for-download-209-sql-injection.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
Kacper Szurek
Submitter website
http://security.szurek.pl/
Submitter twitter
KacperSzurek
Verified
No
WPVDB ID
5618f14b-594d-4101-8f35-39b24e920516

Timeline

Publicly Published
2016-06-06 (about 9 years ago)
Added
2016-06-07 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-01-16
Title
WordPress Custom Sidebar <= 2.3 - Authenticated (Contributor+) SQL Injection
Published
2026-01-23
Title
WP-ClanWars <= 2.0.1 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter
Published
2014-08-01
Title
WP Forum Server 1.6.5 - feed.php topic Parameter SQL Injection
Published
2022-04-19
Title
Visual Slide Box Builder <= 3.2.9 - Subscriber+ SQLi
Published
2024-05-14
Title
Alt Text AI – Automatically generate image alt text for SEO and accessibility < 1.5.0 - Authenticated (Subscriber+) SQL Injection