Closed quanhx11 closed 2 years ago
Thank you for the input @quanhx11! I'm going to have to edit your comment to hide the exploit details until we release a fix, and afterwards I'll put it back. Stay tuned! 😎
tks bro, contact to me if you have any questions 👍
@quanhx11 we used the $wpdb->prepare() method to fix this issue. The new version will be released in the next few days.
Hi @optimocha , I requested CVE ID for this bug, can you publicize this exploit? Thank you.
@quanhx11 looks like it's already publicized: https://wpscan.com/vulnerability/4a27d374-f690-4a8a-987a-9e0f56bbe143
A SQL Injection vulnerability and Cross Site Scripting caused SQL Injection vulnerability exists in version 4.3.2 of plugins speed booster pack of wordpress when MySQL or MariaDB is used as the application database.
(Redacted temporarily)
SOLUTION: