CVE-2023-5082 Information

Description

The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it.

Reference

https://wpscan.com/vulnerability/13a196ba-49c7-4575-9a49-3ef9eb2348f3