[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SQL injection in Wordpress plugin Buddypress
I would like disclosure SQL injection vulnerability if Buddypress plugin affecting last versions. This issue was reported to developers and resolved in 1.5.5 version. So, I suggest all having this plugin in their blogs update to last version, if you haven't done it yet. Example of POST message with sql injection is below.
POST /wp-load.php HTTP/1.1