CVE-2015-9450

Name of the Vulnerable Software and Affected Versions plugmatter-optin-feature-box-lite plugin versions prior to 2.0.14

Description The issue concerns SQL injection via the "wp-admin/admin-ajax.php?action=pmfb cc" API endpoint, specifically through the pmfb tid parameter. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For versions prior to 2.0.14, update to version 2.0.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/admin-ajax.php?action=pmfb cc" API endpoint or avoiding the use of the pmfb tid parameter until the update is applied.