Description
SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements that control a web application's database server.
Remediation
Use parameterized queries when dealing with SQL queries that contain user input. Parameterized queries allow the database to understand which parts of the SQL query should be considered as user input, therefore solving SQL injection.
References
SQL Injection (SQLi) - Acunetix
Types of SQL Injection (SQLi) - Acunetix
Prevent SQL injection vulnerabilities in PHP applications and fix them - Acunetix
Related Vulnerabilities
WordPress Plugin wpForo Forum SQL Injection (2.3.3)
WordPress Plugin Master Slider-Responsive Touch Slider SQL Injection (2.5.1)
WordPress Plugin WP eCommerce 'collected_data[]' SQL Injection (3.8.4)
WordPress Plugin Slider by 10Web-Responsive Image Slider SQL Injection (1.2.35)
WordPress Plugin Consulting Elementor Widgets SQL Injection (1.3.0)