Simple Personal Message 1.0.3 – Plugin WordPress – Sql Injection
Homepage: https://wordpress.org/plugins/simple-personal-message/ Description: Type user access: any user. $_GET[‘message’] is not escaped. sirv_get_row_by_id() is accessible for every registered user. File / Code: Path: /wp-content/plugins/simple-personal-message/admin/partials/simple-personal-message-admin-view.php Line: 25 <?php global $wpdb; $table = $wpdb->prefix . ‘spm_message’; $id = esc_attr($_GET[‘message’]); $message = $wpdb->get_results(“SELECT * FROM $table WHERE id = $id”); $user = get_user_by(‘login’, $message[0]->sender); …