A SQL Injection vulnerability has been identified in the WordPress Horizontal Scrolling Announcement Plugin. This vulnerability could allow a malicious actor to directly interact with the database, including but not limited to stealing information.

This vulnerability was discovered and responsibly reported by Lana Codes.

The vulnerability is a SQL Injection vulnerability that occurs in the horizontal-scrolling-announcement.php file. The vulnerability allows an attacker to exploit a flaw in the way that the plugin handles user input to inject malicious SQL code into the database.


The vulnerability has a CVSS 3.1 score of 8.5, which is considered to be high. This means that the vulnerability is likely to be exploited and could have a significant impact on the affected system.

Affected Versions:

The vulnerability affects all versions of the Horizontal Scrolling Announcement Plugin.

Plugin Closure:

To protect WordPress users, the Horizontal Scrolling Announcement Plugin has been closed and is no longer available for download or activation as of September 18, 2019. This closure is due to a violation of WordPress plugin guidelines. It is essential to comply with this closure and remove the plugin from WordPress installation immediately.


An attacker who successfully exploits this vulnerability could:

  • Steal sensitive data from your database, such as user information, credit card numbers, and product details.
  • Modify or delete data in your database.
  • Take control of your database and website.


Strongly advise WordPress website administrators to take the following actions:

  1. Deactivate and Delete the Plugin: If anyone currently using the Horizontal Scrolling Announcement Plugin, deactivate and delete it from WordPress installation immediately.
  2. Scan and Audit: Conduct a thorough security scan and audit of the WordPress website to identify any potential issues or signs of compromise.
  3. Database Check: Review the WordPress database for any unauthorized or suspicious activity. Change database passwords and credentials if necessary.
  4. Stay Informed: Stay informed about security updates and vulnerabilities related to WordPress plugins and themes.