Security researchers have discovered that the popular 'WP-Recent Comments' plugin for WordPress is vulnerable to SQL injection. If you are using this plugin, sensitive website data could be manipulated. The SQL injection vulnerability is confirmed in WP Recent Comments version 2.0.7, and other versions may also be affected. We strongly advise you to disable and uninstall the plugin immediately until a new, safe version is released.

| Item | Details |
|---|---|
| WP-Recent Comments Plugin Description | The Plugin shows recently added comments in the Sidebar of WordPress blog. |
| Version(s) Affected | 2.0.7 and Other Versions |
| Plugin Description & Download | Plugin Download Page |
| Vulnerability Description | The issue is due to the index.php script which is not properly sanitizing user-supplied input to the 'id' parameter. |
| Impact | Self hosted WordPress Blogs. |
| Solution | Disable/Uninstall WP-Recent Comments Plugin. |
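
To act on the solution above, an administrator first needs to know which sites still carry the plugin. The following inventory check is an added example, not part of the original advisory or the plugin's code: it reads the standard WordPress plugin header from each PHP file in a plugins directory and reports any copy of the plugin, marking version 2.0.7 as confirmed vulnerable. It assumes the plugin's `Plugin Name` header normalizes to `wprecentcomments`; the function names and the default `wp-content/plugins` path are illustrative.

```python
import re
import sys
from pathlib import Path

CONFIRMED_VERSION = "2.0.7"        # version the advisory confirms as vulnerable
TARGET_NAME = "wprecentcomments"   # assumption: normalized "Plugin Name" header value

# Header lines look like " * Plugin Name: Something" inside the file's first comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.I | re.M)

def read_header(php_file):
    """Return the header fields found in the first 8 KiB of a plugin PHP file."""
    with open(php_file, "rb") as fh:
        head = fh.read(8192).decode("utf-8", errors="replace")
    fields = {}
    for key, value in HEADER_RE.findall(head):
        fields.setdefault(key.lower(), value.strip(" \t\r*/"))
    return fields

def normalize(name):
    """Lower-case and drop punctuation so 'WP-Recent Comments' variants compare equal."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def find_affected(plugins_dir):
    """Scan a wp-content/plugins style directory; return one dict per matching plugin."""
    root = Path(plugins_dir)
    findings = []
    # Plugin main files live at plugins/*.php or plugins/<dir>/*.php.
    for php_file in sorted(list(root.glob("*.php")) + list(root.glob("*/*.php"))):
        fields = read_header(php_file)
        if normalize(fields.get("plugin name", "")) != TARGET_NAME:
            continue
        version = fields.get("version", "unknown")
        findings.append({
            "file": str(php_file),
            "version": version,
            # Other versions may also be affected, so every match is reported.
            "confirmed_vulnerable": version == CONFIRMED_VERSION,
        })
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for f in find_affected(target):
        status = "confirmed vulnerable" if f["confirmed_vulnerable"] else "possibly affected"
        print(f"{f['file']}: version {f['version']} ({status}); disable and uninstall")
```

Every match is reported because the advisory states that other versions may also be affected; the `confirmed_vulnerable` flag only separates the confirmed version from the rest.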