Description
WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup is prone to multiple vulnerabilities, including arbitrary file download and arbitrary code execution. Exploiting these issues could allow an attacker to gain access to sensitive information that may aid in launching further attacks, to execute arbitrary commands with the privileges of the user running the application, to compromise the application or the underlying database, to access or modify data, or to compromise a vulnerable system. Version 4.11.33 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 4.11.37 or the latest version.
Related Vulnerabilities
WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.3)
WordPress Plugin BetterLinks-Shorten, Track and Manage any URL Cross-Site Scripting (1.2.5)
WordPress Plugin AdRotate-Ad manager & AdSense Ads SQL Injection (5.2)
WordPress Plugin Media Library Categories Multiple Cross-Site Scripting Vulnerabilities (1.1.1)