CVE-2017-20245

Name of the Vulnerable Software and Affected Versions Wow Viral Signups version 2.1

Description An SQL injection allows unauthenticated attackers to extract arbitrary data from the database. This is achieved by sending crafted requests to the 'admin-ajax.php' endpoint using malicious SQL payloads in the unescaped idsignup POST parameter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.