CVE-2023-2111 (hollerbox)

The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's database.

administrators amp api configuration cve database endpoint fast information input leak plugin query report sensitive information sql sql query wordpress wordpress plugin