WordPress is a set of blogging platforms developed by the WordPress (Wordpress) Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin Embed Youtube Video 1.0 and earlier versions are vulnerable to SQL injection, which stems from the plugin’s editid GET parameter not being cleaned, escaped or validated before being inserted into SQL statements, leading to SQL injection. An attacker could use this vulnerability to obtain sensitive database information.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress embed youtube video | le | 1.0 |