A SQL Injection vulnerability has been identified in the WordPress Horizontal Scrolling Announcement Plugin. This vulnerability could allow a malicious actor to directly interact with the database, including but not limited to stealing information.
This vulnerability was discovered and responsibly reported by Lana Codes.
The vulnerability is a SQL Injection flaw in the horizontal-scrolling-announcement.php file. User-supplied input reaches a database query without being properly validated or parameterized, so an attacker can inject SQL into the queries the plugin runs against the WordPress database.
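To illustrate the class of mistake described above and the standard WordPress remediation, here is an added example; it is not code from the Horizontal Scrolling Announcement plugin, and the table name, function names and the `id` request parameter are assumptions. It contrasts a handler that concatenates request input into a query with one that validates the type and uses `$wpdb->prepare()`.

```php
<?php
/*
 * Added illustration, not the plugin's own code. The table name
 * ("hsa_announcements"), the function names and the "id" parameter are
 * assumed. Requires WordPress ($wpdb) to execute; shown here to contrast the
 * vulnerable and hardened query patterns.
 */

// VULNERABLE PATTERN: the raw request value is spliced into the SQL string,
// so input such as "1 OR 1=1" or a UNION clause becomes part of the query
// instead of being treated as data.
function hsa_get_announcement_unsafe() {
    global $wpdb;
    $table = $wpdb->prefix . 'hsa_announcements'; // assumed table name
    $id    = $_GET['id'];                          // attacker-controlled
    return $wpdb->get_row( "SELECT * FROM {$table} WHERE id = {$id}" );
}

// HARDENED PATTERN: enforce the expected type, then bind the value through
// $wpdb->prepare(), which keeps it in a data position in the query.
function hsa_get_announcement_safe() {
    global $wpdb;
    $table = $wpdb->prefix . 'hsa_announcements'; // assumed table name

    // Only an unsigned integer is acceptable here; anything else is rejected.
    $id = isset( $_GET['id'] ) ? absint( wp_unslash( $_GET['id'] ) ) : 0;
    if ( 0 === $id ) {
        return null;
    }

    // %d is an integer placeholder. The table name comes from the trusted
    // $wpdb->prefix, never from user input, because prepare() cannot
    // parameterize identifiers. (Authorization checks such as
    // current_user_can() and nonce verification are a separate concern and
    // are still required in admin-facing handlers.)
    $sql = $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", $id );
    return $wpdb->get_row( $sql );
}

// String inputs use %s; prepare() adds the quoting, so do not quote %s yourself.
function hsa_find_by_title_safe( $title ) {
    global $wpdb;
    $table = $wpdb->prefix . 'hsa_announcements'; // assumed table name
    $title = sanitize_text_field( wp_unslash( $title ) );
    return $wpdb->get_results(
        $wpdb->prepare( "SELECT id, title FROM {$table} WHERE title = %s", $title )
    );
}
```

The key point is that `prepare()` only protects values; anything that must vary structurally (table or column names, ORDER BY direction) has to be chosen from a fixed allow-list in PHP rather than taken from the request.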
Severity:
The vulnerability has a CVSS 3.1 base score of 8.5, which falls in the High range (7.0 to 8.9). A score at this level indicates that successful exploitation could have a significant impact on the confidentiality and integrity of the affected site's data.
Affected Versions:
The vulnerability affects all versions of the Horizontal Scrolling Announcement Plugin.
Plugin Closure:
To protect WordPress users, the Horizontal Scrolling Announcement Plugin has been closed and is no longer available for download or activation as of September 18, 2019. The closure is due to a violation of WordPress plugin guidelines. Since the plugin is closed and no patched version is available, it should be removed from your WordPress installation immediately.
Impact:
An attacker who successfully exploits this vulnerability could:
- Read sensitive data from your database, such as user accounts and password hashes, and any customer, payment or product data the site stores.
- Modify or delete data in your database.
- Take control of your database and website.
Recommendation:
WordPress site administrators are strongly advised to take the following actions:
- Deactivate and Delete the Plugin: If you are currently using the Horizontal Scrolling Announcement Plugin, deactivate it and delete it from your WordPress installation immediately.
- Scan and Audit: Conduct a thorough security scan and audit of the WordPress website to identify any potential issues or signs of compromise.
- Database Check: Review the WordPress database for unauthorized or suspicious changes, such as unexpected administrator accounts or modified options. If compromise is suspected, rotate the database credentials and reset user passwords.
- Stay Informed: Stay informed about security updates and vulnerabilities related to WordPress plugins and themes.