CVE-2015-4066: SQLi vulnerabilities in WordPress plugin "GigPress"

Posted by Adrián M. F. on May 27

# Title: SQLi vulnerabilities in WordPress plugin “GigPress”
# Author: Adrián M. F. – adrimf85[at]gmail[dot]com
# Date: 2015-05-25
# Vendor Homepage: https://wordpress.org/plugins/gigpress/
# Active installs: 20,000+
# Vulnerable version: 2.3.8
# Fixed version: 2.3.9
# CVE: CVE-2015-4066

Vulnerabilities (2)
=====================

(1) Authenticated SQLi [CWE-89]
-------------------------------

* CODE:
admin/handlers.php:87…
