SQL issues with HDW Player Plugin

  • Millennial Monitor

    (@millennial-monitor)


    10 years ago

    SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php. See: SecuriTeam

    SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). See: SQL Injection

    ALWAYS DO DUE DILIGENCE BEFORE DOWNLOADING PLUGINS

    https://www.ads-software.com/plugins/hdw-player-video-player-video-gallery/

Viewing 1 replies (of 1 total)
  • Plugin Author hdw player

    (@hdw-player)

    SQL injection vulnerability had been resolved and updated in the version of HDW Player (3.2).

    The current version of HDW Player is 3.4.

    Regards,
    HDW Player

Viewing 1 replies (of 1 total)
  • The topic ‘SQL issues with HDW Player Plugin’ is closed to new replies.