Description
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPoints Multiple Vulnerabilities (1.7.0)
axios Improper Input Validation Vulnerability (CVE-2019-10742)
WordPress Plugin Latest Posts by BestWebSoft Cross-Site Scripting (0.2)
WordPress Plugin AzonPost Cross-Site Scripting (1.3)
WordPress Plugin Passster-Password Protection Security Bypass (3.5.5.8)