WordPress Plugin Vulnerabilities

wpDiscuz < 7.6.6 - Unauthenticated SQL Injection

Description

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users

Affects Plugins

Plugin icon
wpdiscuz
Fixed in 7.6.6

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.6 (high)

Miscellaneous

Verified
No
WPVDB ID
ebb5ed9a-4fb2-4d64-a8f2-6957878a4599

Timeline

Publicly Published
2023-09-18 (about 2 years ago)
Added
2023-11-07 (about 2 years ago)
Last Updated
2023-11-07 (about 2 years ago)

Other

Published
Title
Published
2026-03-20
Title
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes < 3.7.24 - Unauthenticated SQL Injection
Published
2025-01-07
Title
WPMU Prefill Post <= 1.02 - Authenticated (Administrator+) SQL Injection
Published
2023-03-22
Title
WP Popup Banners <= 1.2.5 - Subscriber+ SQLi
Published
2025-04-03
Title
Product Filter by WBW < 2.8.0 - Unauthenticated SQL Injection via filtersDataBackend Parameter
Published
2025-05-16
Title
Printcart Web to Print Product Designer for WooCommerce < 2.4.1 - Unauthenticated SQL Injection