This time, I would like to introduce widely used plugins that have vulnerabilities allowing SQL injection. Users of these plugins are strongly encouraged to update.
What is SQL injection?
To put it simply, SQL injection is a method of rewriting the contents of the WordPress database (which contains all settings and submission data) in a way that the program did not originally intend. If a malicious user exploits a SQL injection vulnerability, they can make almost any change, including rewriting WordPress posts, taking administrative privileges, and changing other settings.
Many plugins and themes are vulnerable to SQL injection, and the flaws are often fixed in version upgrades. If you use such a plugin, we recommend that you update to the latest version.
SQL injection in WordPress itself
WordPress versions under 4.3 are reported to have a SQL injection vulnerability in the core files. This is a sanitization-related bug that has been fixed in 4.3.
Plugin SQL injection vulnerabilities
WP Statistics < 12.0.8 (installed: 300,000)
NextGEN Gallery < 2.1.57 (installed: 1 million)
Ninja Forms < 2.9.55.2 (installed: 600,000)
All In One WordPress Security and Firewall < 3.8 (installed: 400,000)
Facebook < 1.01 (installed: 100,000)
SEO Plugin by Yoast
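
To check a site against the list above, the following added example (not from the original post or from any of the plugins) reads the "Plugin Name" and "Version" fields of each plugin's header comment and flags versions older than the fixed version given here. It assumes the header's Plugin Name matches the name as written in this post, which may not hold for every plugin; the function names and the sample headers are constructed for illustration.

```python
import re

# Fixed-in versions exactly as listed in this post. "SEO Plugin by Yoast" is
# left out because the post gives no version for it.
FIXED_IN = {
    "WP Statistics": "12.0.8",
    "NextGEN Gallery": "2.1.57",
    "Ninja Forms": "2.9.55.2",
    "All In One WordPress Security and Firewall": "3.8",
    "Facebook": "1.01",
}
# A header field line such as " * Version: 1.2.3" inside the plugin's comment.
HEADER_FIELD = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def parse_header(php_source):
    """Return (name, version) from a plugin's header comment, or None."""
    fields = {k.lower(): v for k, v in HEADER_FIELD.findall(php_source[:8192])}
    if "plugin name" in fields and "version" in fields:
        return fields["plugin name"], fields["version"]
    return None

def version_key(version):
    """Numeric parts only: '2.9.55.2' -> (2, 9, 55, 2)."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def is_older(installed, fixed):
    """Compare numerically, so 2.1.9 < 2.1.57 (a string compare gets this wrong)."""
    a, b = version_key(installed), version_key(fixed)
    width = max(len(a), len(b))  # pad with zeros so 3.8 equals 3.8.0
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def audit(plugin_sources):
    """Return [(name, installed, fixed)] for listed plugins older than the fix."""
    findings = []
    for source in plugin_sources:
        parsed = parse_header(source)
        if parsed and parsed[0] in FIXED_IN and is_older(parsed[1], FIXED_IN[parsed[0]]):
            findings.append((parsed[0], parsed[1], FIXED_IN[parsed[0]]))
    return findings

# Constructed sample headers (not copied from the real plugins' files).
SAMPLES = [
    "<?php\n/*\nPlugin Name: Ninja Forms\nVersion: 2.9.55.1\n*/",
    "<?php\n/**\n * Plugin Name: WP Statistics\n * Version: 12.0.8\n */",
    "<?php\n/*\nPlugin Name: NextGEN Gallery\nVersion: 2.1.9\n*/",
]

if __name__ == "__main__":
    for name, installed, fixed in audit(SAMPLES):
        print(f"{name}: {installed} is older than {fixed}, update")
```

On a real site, pass in the contents of each plugin's main PHP file under wp-content/plugins instead of SAMPLES.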