An SQL injection vulnerability has been identified in the iPanorama 360 WordPress Virtual Tour Builder plugin. It could allow a malicious actor to interact directly with your database, including but not limited to stealing information. This vulnerability was discovered and responsibly reported by Unknown.

The flaw is located in the ipn-ajax.php file. Because of the way the plugin handles user input, an attacker can inject malicious SQL code into the queries it runs against the database.

Severity:

The vulnerability has a CVSS 3.1 score of 7.6, which is rated High. Successful exploitation could have a significant impact on the affected system.

Affected Versions:

The vulnerability affects all versions of the iPanorama 360 WordPress Virtual Tour Builder plugin prior to 1.8.0.

Impact:

An attacker who successfully exploits this vulnerability could:

  • Steal information from your database, such as user information, credit card information, and other sensitive data.
  • Modify or delete data in your database.
  • Disable your website or database.
  • Take complete control of your website and database.

Recommendation:

Users of the iPanorama 360 WordPress Virtual Tour Builder plugin are strongly advised to update to the latest available version (at least 1.8.0) as soon as possible. This vulnerability has been fixed in version 1.8.0.
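To confirm which installations still need the update, the following added example (not code from the plugin or from this advisory) reads the WordPress plugin headers under a plugins directory and flags any copy older than 1.8.0. It assumes the plugin's "Plugin Name" header contains "iPanorama"; the directory names in the demo are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (1, 8, 0)         # first fixed release, per the advisory
NAME_MATCH = "ipanorama"  # assumption: the "Plugin Name" header contains this
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.M | re.I)

def parse_version(text):
    """'1.7.12' -> (1, 7, 12); short versions such as '1.8' are zero-padded."""
    return tuple(([int(n) for n in re.findall(r"\d+", text)] + [0, 0, 0])[:3])

def read_header(php_file):
    """WordPress reads plugin metadata from the first 8 KiB of a plugin file."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    meta = {}
    for key, value in HEADER.findall(head):
        meta.setdefault(key.lower(), value.strip())  # first occurrence wins
    return meta

def audit(plugins_dir):
    """Return (directory, version, status) for each matching plugin."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        meta = read_header(php_file)
        if NAME_MATCH not in meta.get("plugin name", "").lower():
            continue
        version = meta.get("version", "")
        if not re.search(r"\d", version):
            status = "UNKNOWN"  # no usable Version header: check by hand
        else:
            status = "VULNERABLE" if parse_version(version) < FIXED else "OK"
        findings.append((php_file.parent.name, version, status))
    return findings

def demo():
    """Audit a constructed plugins tree (directory names are made up)."""
    samples = {"tour-old": ("iPanorama 360", "1.7.9"),
               "tour-new": ("iPanorama 360", "1.8.0"),
               "other": ("Contact Widget", "1.0.2")}
    with tempfile.TemporaryDirectory() as root:
        for folder, (name, version) in samples.items():
            Path(root, folder).mkdir()
            Path(root, folder, "main.php").write_text(
                f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")
        return audit(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real site, call `audit()` with the path to `wp-content/plugins` and treat any `UNKNOWN` result as needing manual inspection.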

Conclusion:

This vulnerability is a serious threat to the security of WordPress websites that use the iPanorama 360 WordPress Virtual Tour Builder plugin. Users are strongly advised to update to the latest available version (at least 1.8.0) as soon as possible.