WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL.A SQL injection vulnerability exists in versions of the WordPress side buttons plugin prior to 3.1.5. The vulnerability stems from the plugin’s menu delete feature available to admin users, which accepts the did GET parameter and uses it in SQL statements without proper cleanup, validation, or escaping. An attacker could exploit this vulnerability to cause a SQL injection issue.