CVE-2017-18602

Name of the Vulnerable Software and Affected Versions examapp plugin version 1.0 for WordPress

Description The issue concerns SQL injection via the id parameter in the "wp-admin/admin.php?page=examapp UserResult" API endpoint. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For examapp plugin version 1.0, consider restricting access to the "wp-admin/admin.php?page=examapp UserResult" endpoint until a fix is available. As a temporary workaround, avoid using the id parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.