Landing Pages Plugin for WordPress 'wp-admin/edit.php' 'post' Parameter SQL Injection
High Nessus Plugin ID 72152
SynopsisThe remote web server hosts a web application that is affected by a SQL injection vulnerability.
DescriptionThe WordPress Landing Pages plugin installed on the remote host is affected by a SQL injection vulnerability due to a failure to properly sanitize user-supplied input to the 'post' parameter of the 'wp-admin/edit.php' script. A remote, unauthenticated attacker can leverage this issue to launch a SQL injection attack against the affected application, leading to manipulation of data in the back-end database or the disclosure of arbitrary data.
SolutionUpgrade to version 1.2.3 or later.