WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the ‘Manufacturer[]’ parameter which allows an authenticated attacker to inject a malicious SQL query.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25379
Reference (s):
- https://zeroaptitude.com/misha/wordpress-plugin-bug-hunting-part-2/