============================================================================
WordPress G-Lock Double Opt-in Manager Plugin SQL Injection
version <= 2.6.2
============================================================================

SQL injection in file ajaxbackend.php, lines 519 and 817.

You must be logged in (as a subscriber or any other role).

You POST the data "action" = "gsom_aj_delete_subscriber" or "gsom_aj_unsubscribe" and the data "json" = an array in JSON.

Here is an HTML example. Log in to WordPress and then go to this document:

The admin-ajax will run the ajaxbackend eventually, and then all subscribers will be deleted, even though you are only a subscriber user!!!

============================================================================
found by::: BEASTIAN
greetings to:: PRIZMA - SPACE ACE
============================================================================
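
The two defects described above (an AJAX action that any logged-in user can call, and request values reaching SQL) can be closed as in the following added example, which is not the plugin's code and not part of the original advisory. The handler name, nonce action, table name, and the assumption that "json" carries a list of integer subscriber ids are all hypothetical.

```php
<?php
// Added example: hypothetical hardened handler, not the plugin's own code.
// Assumed names: example_delete_subscribers(), the nonce action
// 'example_delete_subscriber', and the table suffix 'example_subscribers'.

add_action('wp_ajax_example_delete_subscriber', 'example_delete_subscribers');

function example_delete_subscribers() {
    global $wpdb;

    // wp_ajax_* hooks fire for every logged-in user, so authorize explicitly.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }

    // Require a nonce issued for this action (blocks cross-site requests).
    check_ajax_referer('example_delete_subscriber', 'nonce');

    // WordPress adds slashes to $_POST; remove them before decoding.
    $raw = isset($_POST['json']) ? wp_unslash($_POST['json']) : '';
    $ids = json_decode($raw, true);
    if (!is_array($ids)) {
        wp_send_json_error(array('message' => 'Expected a JSON array'), 400);
    }

    // Keep only positive integers or all-digit strings. A value such as
    // "1 OR 1=1" is rejected outright instead of being truncated to 1.
    $ids = array_filter($ids, function ($v) {
        return is_int($v) ? $v > 0 : (is_string($v) && ctype_digit($v));
    });
    $ids = array_map('intval', array_values($ids));
    if (count($ids) === 0) {
        wp_send_json_error(array('message' => 'No valid ids'), 400);
    }

    // One %d placeholder per id; values are bound, never concatenated.
    $placeholders = implode(',', array_fill(0, count($ids), '%d'));
    $table = $wpdb->prefix . 'example_subscribers';
    $deleted = $wpdb->query(
        $wpdb->prepare("DELETE FROM {$table} WHERE id IN ({$placeholders})", $ids)
    );

    wp_send_json_success(array('deleted' => (int) $deleted));
}
```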