WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A SQL injection vulnerability exists in previous versions of the Wordpress Plugin Cookie Notification Plugin 1.0.9, which stems from the product’s failure to validate special characters in the id parameter of a Get request when editing an admin panel action. Validation. An attacker could execute malicious SQL statements through this vulnerability.