WordPress Plugin Vulnerabilities

WatuPRO < 5.5.3.7 - SQL Injection

Description

The watupro WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
watupro
Fixed in 5.5.3.7

References

CVE
CVE-2017-9834
Exploitdb
42291
URL
http://calendarscripts.info/watupro/support.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
bd0c0750-fe95-47bf-bf9d-c5d923e26a37

Timeline

Publicly Published
2017-07-03 (about 8 years ago)
Added
2017-09-07 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-09-19
Title
TI WooCommerce Wishlist < 2.9.1 - Unauthenticated SQL Injection via lang parameters
Published
2021-06-29
Title
Image Slider by Ays - Responsive Slider and Carousel < 2.5.0 - Authenticated Blind SQL Injection
Published
2023-01-23
Title
WP Yelp Review Slider < 7.1 - Subscriber+ SQLi
Published
2024-08-20
Title
App Builder – Create Native Android & iOS Apps On The Flight < 4.3.4 - Unauthenticated Limited SQL Injection via app-builder-search
Published
2025-04-17
Title
Super Store Finder < 7.5 - Unauthenticated SQL Injection