SQL Injection Vulnerability in WordPress Cart66 Lite Plugin
|Software:||WordPress Cart66 Lite Plugin 1.x , vulnerable versions: <=18.104.22.168|
SQL inection vulnerability has been discovered in WordPress Cart66 Lite Plugin.
Vulnerability is caused by an input validation error while processing the “id” POST parameter to wp-admin/admin-ajax.php (when “action” is set to “shortcode_products_table”). A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL commands in application`s database.
Further exploitation of this vulnerability may result in unauthorized data manipulation.
For WordPress Cart66 Lite Plugin 1.x: Update to version 1.5.2.