
Plugins with vulnerabilities that allow SQL injection in WordPress

This time, I would like to introduce widely used plugins that have SQL injection vulnerabilities. Users of these plugins are strongly encouraged to update.

[Figure: anatomy of an SQL statement]

What is SQL injection?

To put it simply, SQL injection is a method of rewriting the contents of the WordPress database (which holds all settings and submitted data) in a way the program never intended, by supplying input that is executed as part of a query. If a malicious user exploits an SQL injection vulnerability, almost any change becomes possible, including rewriting WordPress posts, taking over administrative privileges, and altering other settings.

Many plugins and themes are vulnerable to SQL injection, and the flaws are usually corrected in a later version. If you use any of the plugins listed below, we recommend updating to the latest version.
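The pattern behind almost every plugin SQL injection is user input concatenated into a query string. The following is an added example written for this post, not code from any of the plugins named here: a vulnerable query next to the hardened form that binds input through WordPress's own $wpdb->prepare(). The table name, column names and function names are assumptions.

```php
<?php
// Added example (not from the original post or from any listed plugin).
// The table {$wpdb->prefix}plugin_stats and its columns are assumptions.

// VULNERABLE: the request value is interpolated straight into the SQL text.
// A value such as  1 OR 1=1  is executed as SQL syntax rather than treated
// as data, so the WHERE clause no longer restricts the result set.
function wpdoc_get_stats_vulnerable( $visitor_id ) {
    global $wpdb;
    $sql = "SELECT * FROM {$wpdb->prefix}plugin_stats WHERE visitor_id = " . $visitor_id;
    return $wpdb->get_results( $sql );
}

// HARDENED: $wpdb->prepare() binds the value with a typed placeholder.
// %d forces an integer; %s yields a quoted, escaped string. Table and
// column names cannot be placeholders, so they must never come from input.
function wpdoc_get_stats_safe( $visitor_id ) {
    global $wpdb;
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}plugin_stats WHERE visitor_id = %d",
        $visitor_id
    );
    return $wpdb->get_results( $sql );
}

// The same rule applies to string input. When the value feeds a LIKE
// clause, esc_like() must also be applied so that % and _ in the input
// are matched literally instead of acting as wildcards.
function wpdoc_search_referrer_safe( $term ) {
    global $wpdb;
    $like = '%' . $wpdb->esc_like( $term ) . '%';
    return $wpdb->get_results( $wpdb->prepare(
        "SELECT referrer, COUNT(*) AS hits
           FROM {$wpdb->prefix}plugin_stats
          WHERE referrer LIKE %s
          GROUP BY referrer",
        $like
    ) );
}
```

When reviewing a plugin, grep for $wpdb->query, get_results, get_var and get_row calls whose SQL string is built with "." or variable interpolation and no surrounding prepare(); those are the places to fix first.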

SQL injection in WordPress itself

WordPress versions below 4.3 are reported to have an SQL injection vulnerability in the core files. This is a sanitization-related bug that was fixed in 4.3.

Plugin SQL injection vulnerabilities

Plugin: vulnerable versions / active installs

WP Statistics: versions below 12.0.8 / 300,000 installs

NextGEN Gallery: versions below 2.1.57 / 1 million installs

Ninja Forms: versions below 2.9.55.2 / 600,000 installs

All In One WordPress Security and Firewall: versions below 3.8 / 400,000 installs

Facebook: versions below 1.01 / 100,000 installs

SEO Plugin by Yoast

WordPress Doctor Malware Scan & Security Plug-in
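To turn the list above into a check you can actually run, here is an added example (not code from the original post or from WordPress Doctor) that compares installed plugin versions against the fixed versions stated on this page. The plugin slugs are assumptions, and the installed-version array is constructed sample data; on a live site you would build it from get_plugins() or from `wp plugin list --format=json`.

```php
<?php
// Added example (not from the original post). Slugs are assumptions;
// the thresholds are the "versions below X" figures stated on this page.
const WPDOC_FIXED_VERSIONS = [
    'wp-statistics'                       => '12.0.8',
    'nextgen-gallery'                     => '2.1.57',
    'ninja-forms'                         => '2.9.55.2',
    'all-in-one-wp-security-and-firewall' => '3.8',
    'facebook'                            => '1.01',
];

/**
 * Return [slug => installed version] for every listed plugin whose
 * installed version is below the fixed version. version_compare() is used
 * deliberately: a plain string comparison would rank 12.0.10 below 12.0.8,
 * and would mis-handle 2.9.55 against 2.9.55.2.
 */
function wpdoc_find_vulnerable( array $installed ): array {
    $hits = [];
    foreach ( WPDOC_FIXED_VERSIONS as $slug => $fixed ) {
        if ( ! isset( $installed[ $slug ] ) ) {
            continue; // plugin not installed, nothing to check
        }
        if ( version_compare( $installed[ $slug ], $fixed, '<' ) ) {
            $hits[ $slug ] = $installed[ $slug ];
        }
    }
    return $hits;
}

// Constructed sample of installed plugins (slug => version).
$sample = [
    'wp-statistics'   => '12.0.10', // above the fix: safe
    'ninja-forms'     => '2.9.55',  // below 2.9.55.2: update needed
    'nextgen-gallery' => '2.1.57',  // exactly the fixed version: safe
    'facebook'        => '1.0',     // below 1.01: update needed
];

foreach ( wpdoc_find_vulnerable( $sample ) as $slug => $version ) {
    echo "UPDATE NEEDED: {$slug} {$version} is below " . WPDOC_FIXED_VERSIONS[ $slug ] . "\n";
}
```

Running this on the sample reports ninja-forms and facebook and stays silent for the other two, which is the behaviour you want from an automated pre-deployment or monitoring check.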