WordPress is a set of blogging platform developed by the WordPress Foundation using the PHP language. WordPress Wicked Folders plugin in version 2.8.10 has a SQL injection vulnerability, which stems from the failure to filter and escape the oder_id parameter, and can be used by attackers to execute illegal SQL commands to steal sensitive database data.