WP Support Plus Responsive Ticket System 7.1.3 – WordPress Plugin – Sql Injection

Homepage: https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/ Description: Type user access: any user. $_POST[‘cat_id’] is not escaped. Is accessible for any user. File / Code: Path: /wp-content/wp-support-plus-responsive-ticket-system/includes/admin/wpsp_getCatName.php Line: 4 <?php if ( ! defined( ‘ABSPATH’ ) ) exit; // Exit if accessed directly global $wpdb; $category = $wpdb->get_row( “SELECT * FROM {$wpdb->prefix}wpsp_catagories where id=”.$_POST[‘cat_id’] ); echo …

Simple Personal Message 1.0.3 – Plugin WordPress – Sql Injection

Homepage: https://wordpress.org/plugins/simple-personal-message/ Description: Type user access: any user. $_GET[‘message’] is not escaped. sirv_get_row_by_id() is accessible for every registered user. File / Code: Path: /wp-content/plugins/simple-personal-message/admin/partials/simple-personal-message-admin-view.php Line: 25 <?php global $wpdb; $table = $wpdb->prefix . ‘spm_message’; $id = esc_attr($_GET[‘message’]); $message = $wpdb->get_results(“SELECT * FROM $table WHERE id = $id”); $user = get_user_by(‘login’, $message[0]->sender); …