Last week we had requests from the IP address 185.100.222.127 to our website that looked like they might be a hacker probing for usage of the plugins SendinBlue Subscribe Form And WP SMTP and Table Maker. After seeing that, we checked over the plugins to try find if there was a vulnerability in them that a hacker would be interested in.

With SendinBlue we found a SQL injection vulnerability that might be able to be used to cause PHP object injection to occur. PHP object injection is a type of issue that is highly likely to be exploited if it exists. That vulnerability has yet to be fixed. [Read more]