A SQL Injection vulnerability has been discovered in the WordPress Icons Font Loader Plugin. This vulnerability could allow a malicious actor to directly interact with your database, including but not limited to stealing information.

This vulnerability was discovered and reported by minhtuanact.

The vulnerability is caused by a lack of input validation in the plugin’s code. This allows an attacker to inject malicious code into the website, which is then executed when visitors visit the site.

Severity:

High

The vulnerability has a CVSS 3.1 score of 8.5, which is considered to be high severity. This means that the vulnerability is moderately likely to be exploited and could have a significant impact on the affected system.

Affected Versions:

All versions of the WordPress Icons Font Loader Plugin are affected by this vulnerability.

Impact:

An attacker who successfully exploits this vulnerability could directly interact with your database, including but not limited to stealing information. This could allow the attacker to take control of your website or steal sensitive data.

Recommendation:

There is currently no patched version of the WordPress Icons Font Loader Plugin available. To mitigate the risk of exploitation, it is recommended that you disable the plugin until a patched version is released.
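
To act on this recommendation across a server that hosts several sites, you first need to know where the plugin is installed. The script below is an added example, not code from the plugin or its vendor. It lists every plugin directory under a web root whose main file declares a matching `Plugin Name:` header. The header text in `PLUGIN_PATTERN` is an assumption, and the sample tree and its version number are constructed for a dry run.

```shell
#!/bin/sh
# Added example: inventory installs of the affected plugin under a web root.
# Assumption: the plugin's main file carries a "Plugin Name:" header
# containing "Icons Font Loader"; adjust PLUGIN_PATTERN if it differs.
PLUGIN_PATTERN='Icons Font Loader'

# Print "<plugin directory><TAB><version>" for each matching install.
find_plugin_installs() {
    find "$1" -type f -name '*.php' -path '*/wp-content/plugins/*' 2>/dev/null |
    while IFS= read -r file; do
        dir=$(dirname "$file")
        # Main plugin files sit exactly one level below plugins/.
        case "$(dirname "$dir")" in
            */wp-content/plugins) ;;
            *) continue ;;
        esac
        # WordPress reads plugin headers from the first 8 KiB of the file.
        header=$(head -c 8192 "$file" | tr -d '\r')
        printf '%s\n' "$header" |
            grep -qi "Plugin Name:.*$PLUGIN_PATTERN" || continue
        version=$(printf '%s\n' "$header" |
            sed -n 's/^.*Version:[[:space:]]*//p' | head -n 1)
        printf '%s\t%s\n' "$dir" "${version:-unknown}"
    done
}

# Constructed sample tree for a dry run (not real site data).
make_sample_tree() {
    p=$1/site-a/wp-content/plugins
    mkdir -p "$p/ifl" "$p/other/inc"
    printf '<?php\n/*\n * Plugin Name: Icons Font Loader\n * Version: 0.0.0\n */\n' \
        > "$p/ifl/ifl.php"
    printf '<?php\n/* Plugin Name: Other\n * Version: 2.1 */\n' > "$p/other/other.php"
    # Nested file that only mentions the name; skipped by the depth check.
    printf '<?php // Plugin Name: Icons Font Loader\n' > "$p/other/inc/x.php"
}

# Usage: sh <this script> /path/to/web/root
if [ "$#" -gt 0 ]; then
    find_plugin_installs "$1"
fi
```

Each directory it prints can then be deactivated from that site's Plugins screen, or with WP-CLI's `wp plugin deactivate` using the directory's name.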