Software: WordPress WP Symposium Plugin, vulnerable versions: <=14.12
An SQL injection vulnerability was reported in the WordPress WP Symposium Plugin.
The vulnerability is caused by an input validation error while processing the "tray" POST parameter to wp-symposium/ajax/mail_functions.php (when "action" is set to "getMailMessage" and "mid" is set to a valid message ID). A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL commands in the application's database.
Further exploitation of this vulnerability may result in unauthorized data manipulation.
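
The following is an added illustration, not the plugin's code: a Python/sqlite3 model of the defect class described above next to an allow-list fix. The table, the column names, and the assumption that "tray" takes the values `in` and `sent` and ends up inside a column name are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed table and rows; not the plugin's real schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mail (mid INTEGER PRIMARY KEY, "
               "in_deleted INTEGER, sent_deleted INTEGER, body TEXT)")
    db.executemany("INSERT INTO mail VALUES (?, ?, ?, ?)",
                   [(1, 0, 0, "hello"), (2, 0, 0, "private")])
    return db

def get_message_unsafe(db, mid, tray):
    # Defect class: request values become part of the statement text.
    sql = f"SELECT body FROM mail WHERE mid = {mid} AND {tray}_deleted = 0"
    return db.execute(sql).fetchall()

# Assumed allow-list: each accepted tray value maps to a fixed column name.
TRAY_COLUMNS = {"in": "in_deleted", "sent": "sent_deleted"}

def get_message(db, mid, tray):
    # Identifiers cannot be bound as parameters, so the column comes from
    # the allow-list; the message ID is coerced to int and bound.
    if tray not in TRAY_COLUMNS:
        raise ValueError("unknown tray")
    sql = f"SELECT body FROM mail WHERE mid = ? AND {TRAY_COLUMNS[tray]} = 0"
    return db.execute(sql, (int(mid),)).fetchall()

def demo():
    db = make_db()
    hostile = "0 = 0 OR in"  # constructed value that rewrites the WHERE clause
    leaked = get_message_unsafe(db, 1, hostile)
    try:
        get_message(db, 1, hostile)
        rejected = False
    except ValueError:
        rejected = True
    return leaked, rejected, get_message(db, 1, "in")

if __name__ == "__main__":
    print(demo())
```

The unsafe handler returns every row for the constructed value, while the allow-listed handler rejects it before any SQL is built.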