Hello, I’m a new member of the community and I’d like to share my experience with you! I would like to introduce to you some vulnerable plugins that allow sql injection in WordPress, mainly those that are used in very large numbers. We strongly recommend that you check your version of each plugin and update it if you are using a version that has not been fixed.


What is SQL injection?

Simply put, SQL injection is a technique by which the contents of the WordPress database (which holds all settings and post data) can be rewritten in ways the program never intended: untrusted input is placed into a SQL query as if it were part of the query itself, so the database executes whatever the input contains. A malicious user who takes advantage of such a flaw can rewrite WordPress posts, strip administrative privileges, and change most of the settings.
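To make the mechanism concrete, here is an added example (not code from the original post) in Python, with an in-memory sqlite3 table standing in for WordPress's MySQL database. The same post lookup is written twice: once by pasting the title into the query text, and once with a bound parameter. The table, rows and input are constructed sample data; in WordPress the bound-parameter form corresponds to $wpdb->prepare().

```python
import sqlite3

# Constructed sample data standing in for the wp_posts table of a WordPress
# database (sqlite3 is used so the example runs offline; WordPress uses MySQL,
# but the mechanism is identical).
SAMPLE_POSTS = [
    (1, "Public announcement", "publish"),
    (2, "Unpublished draft", "draft"),
    (3, "Private note", "private"),
]


def make_db():
    """Create the in-memory sample database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wp_posts (ID INTEGER, post_title TEXT, post_status TEXT)"
    )
    conn.executemany("INSERT INTO wp_posts VALUES (?, ?, ?)", SAMPLE_POSTS)
    return conn


def find_published_vulnerable(conn, title):
    """Vulnerable form: the untrusted title is pasted straight into the SQL text.

    The database cannot tell where the developer's query ends and the user's
    data begins, so a title containing a quote can change the WHERE clause.
    """
    sql = (
        "SELECT ID, post_title FROM wp_posts "
        "WHERE post_status = 'publish' AND post_title = '" + title + "'"
    )
    return conn.execute(sql).fetchall()


def find_published_safe(conn, title):
    """Safe form: the title is sent separately as a bound value.

    The value is never parsed as SQL, so quotes inside it are just characters.
    In WordPress the equivalent is $wpdb->prepare().
    """
    sql = (
        "SELECT ID, post_title FROM wp_posts "
        "WHERE post_status = 'publish' AND post_title = ?"
    )
    return conn.execute(sql, (title,)).fetchall()


# Constructed input: a "title" that closes the string literal early and
# appends a condition that is always true.
INJECTED_TITLE = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(find_published_vulnerable(db, "Public announcement"))  # one row
    print(find_published_vulnerable(db, INJECTED_TITLE))  # every row, drafts included
    print(find_published_safe(db, INJECTED_TITLE))  # no rows: it is only a title
```

Run it and compare the second and third lines: the concatenated query returns the draft and private rows that the post_status filter was supposed to hide, while the parameterised query returns nothing because no post is literally titled that way. The fix is not to filter quotes out of the input but to keep data and query text separate.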

Many plugins and themes are vulnerable to SQL injection. In most cases the vulnerability has been fixed in a later release, so we recommend updating to the latest version if you are using any of the plugins listed below.

SQL injection in WordPress itself

It has been reported that WordPress 4.3 or lower has a SQL injection vulnerability in the core files. It is a sanitization-related bug and has been fixed since 4.3.

SQL injection in plugins

Plugin - vulnerable versions - installs
WP Statistics - below 12.0.8 - 300,000
NextGEN Gallery - below 2.1.57 - million
Ninja Forms - below 2.9.55.2 - 600,000
All In One WordPress Security and Firewall - below 3.8 - 400,000
Facebook - below 1.01 - 100,000
SEO Plugin by Yoast - below 1.7.3.3 - 3 million
WP-Slimstat - below 3.9.5 - million
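As an added example (not code from the original post), a small Python script that checks the output of WP-CLI's `wp plugin list --format=csv` against the versions listed above and reports plugins that are still below the fixed release. The plugin slugs used as dictionary keys are assumptions about how each plugin is named in that output, so confirm them against your own site; the CSV sample in the block is constructed.

```python
import csv
import io
import re
import sys

# Fixed versions taken from the list above: a plugin is affected when its
# installed version is below the one given. The slugs (the "name" column that
# `wp plugin list` prints) are assumed; verify them on your own installation.
FIXED_VERSIONS = {
    "wp-statistics": "12.0.8",
    "nextgen-gallery": "2.1.57",
    "ninja-forms": "2.9.55.2",
    "all-in-one-wp-security-and-firewall": "3.8",
    "facebook": "1.01",
    "wordpress-seo": "1.7.3.3",
    "wp-slimstat": "3.9.5",
}


def version_key(version):
    """'2.9.55.2' -> (2, 9, 55, 2); non-numeric suffixes such as '-beta' are ignored."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_below(installed, fixed):
    """True when installed < fixed, padding with zeros so 3.8.0 is not below 3.8."""
    a, b = version_key(installed), version_key(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def find_outdated(csv_text):
    """Return [(slug, installed, fixed)] for every listed plugin below its fixed version."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        fixed = FIXED_VERSIONS.get(row["name"])
        if fixed and is_below(row["version"], fixed):
            findings.append((row["name"], row["version"], fixed))
    return findings


# Constructed sample of `wp plugin list --format=csv` output.
SAMPLE_OUTPUT = """name,status,update,version
akismet,active,none,4.0
wp-statistics,active,available,12.0.5
ninja-forms,active,none,2.9.55.2
wordpress-seo,inactive,available,1.7.3
"""

if __name__ == "__main__":
    # Pipe real output in: wp plugin list --format=csv | python3 check_plugins.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    for slug, installed, fixed in find_outdated(text):
        print(f"{slug}: installed {installed}, update to {fixed} or later")
```

On the constructed sample only wp-statistics (12.0.5) and wordpress-seo (1.7.3) are reported; ninja-forms is exactly at its fixed version and akismet is not in the list. Note that an inactive plugin is still reported, since its files remain on the server.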

You can also check your site for WordPress vulnerabilities here: WordPress Vulnerability Assessment Security Scanner