WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. A SQL injection vulnerability exists in versions of the WordPress Testimonial Plugin prior to 1.4.7. The vulnerability stems from the failure of the Testimonial plugin to validate and escape before using the id parameter in SQL statements when retrieving recommendations to be edited, which could be used by an attacker to exploit the vulnerability to execute illegal SQL commands to steal sensitive database data.