CVE-2017-1002004

Name of the Vulnerable Software and Affected Versions DTracker version 1.5

Description The issue concerns a lack of input sanitization in the DTracker plugin for WordPress. Specifically, in the file ./dtracker/download.php, user input via the id variable is not properly sanitized before being added to an SQL query. This could potentially lead to SQL injection attacks.

Recommendations For DTracker version 1.5, consider modifying the download.php file to sanitize user input via the id variable before adding it to SQL queries to prevent potential SQL injection attacks. As a temporary workaround, restrict access to the download.php file until a proper fix is implemented.