The WordPress CRM Plugin for WordPress is vulnerable to a type of attack called SQL injection. In versions up to 3.72, there is not enough protection for user-supplied parameters, and the SQL query is not carefully prepared. This allows an attacker to add extra code to an existing query, which can be used to steal sensitive information from the database.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
