WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to SQL Injection
CVE-2023-51423
9.3CRITICAL
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 31 December 2023
What is CVE-2023-51423?
An SQL Injection vulnerability exists within the Saleswonder Webinar Plugin, utilized for creating live and automated webinars. This issue arises from improper handling of special elements within SQL commands, allowing unauthorized users to manipulate database queries. If exploited, this vulnerability could lead to unauthorized access or data manipulation, endangering user data and overall system integrity. Users are advised to update their plugins to mitigate this risk.
Affected Version(s)
Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition <= 3.05.0