27 May 2021

Vulnerability Details: Authenticated SQL Injection in Yes/No Chart

The plugin Yes/No Chart was closed on the WordPress Plugin Directory on Monday. The next day, a new version was submitted with the changelog entry “Fixed shortcode parameter security issue.” Looking at the changes, we were able to determine that this was fixing an authenticated SQL injection vulnerability that was exploited through the plugin’s yesno_chart shortcode.

