Report
The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.8.4 due to insufficient escaping of the user-supplied profile_id parameter and lack of sufficient preparation of the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries to already existing queries that can be used to extract sensitive information from the database.
Score: 8.5
Severity: High
Version: 4.8.4
There is a patch available in v4.9.0 and we strongly recommend you update to this version as soon as possible.
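As an added illustration (not the plugin's own code; this page does not reproduce the affected query), the WordPress pattern behind the root cause described above: a query that interpolates profile_id directly, beside the $wpdb->prepare() form that closes the injection. The table name, function names and the capability checked are assumptions.

```php
<?php
// Added illustration, not the plugin's code. Table name, function names and
// the capability used below are assumptions for the example.

function dc_get_profile_unsafe( $profile_id ) {
    global $wpdb;
    // VULNERABLE PATTERN: the raw request value is concatenated into the SQL
    // string, so a crafted profile_id changes the query instead of the data.
    $sql = "SELECT * FROM {$wpdb->prefix}daisycon_profiles WHERE profile_id = '" . $profile_id . "'";
    return $wpdb->get_results( $sql );
}

function dc_get_profile_safe( $profile_id ) {
    global $wpdb;
    // 1. Authorization: the advisory notes contributor-level users can reach
    //    the query, so gate it on a capability appropriate for the action.
    if ( ! current_user_can( 'manage_options' ) ) {
        return null;
    }
    // 2. Type enforcement: profile_id is an identifier; reject anything that
    //    is not a plain non-negative integer before it reaches the database.
    if ( ! ctype_digit( (string) $profile_id ) ) {
        return null;
    }
    // 3. Parameterization: %d makes $wpdb->prepare() bind an integer, so no
    //    manual quoting or escaping is involved at all.
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}daisycon_profiles WHERE profile_id = %d",
        (int) $profile_id
    );
    return $wpdb->get_results( $sql );
}
```

When auditing a plugin for this class of bug, grep for $wpdb->query/get_results/get_var calls whose SQL string is built with interpolation or concatenation and is not wrapped in $wpdb->prepare().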