WPNakama SQL Injection

HIGH (7.5)

Threat Intelligence

Low Risk
EPSS Score: 0.08% chance of exploitation (percentile: 25%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

WPNakama is a plugin that some WordPress users install to enhance their website's functionality. It does not sufficiently escape user-supplied parameters and does not sufficiently prepare its existing SQL queries, which makes it vulnerable to time-based SQL injection attacks.
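Since no open-source detection tooling is listed for this issue, the following added example (not code from the plugin or the advisory) shows one way to flag access-log requests that carry SQL delay functions, the marker of time-based injection probing. The log format (combined format with a trailing request time), the `example_param` name and every sample line are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Delay primitives seen in time-based SQL injection probes. WordPress runs on
# MySQL/MariaDB; the other names catch generic scanner payloads.
DELAY_RE = re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I)
SQL_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)  # inline comments that split keywords

# Assumed format: combined access log with the request time appended as last field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "[^"]*" (?P<rt>\d+\.\d+)$'
)

def normalize(uri: str) -> str:
    """Undo up to three layers of URL encoding, then blank out SQL comments."""
    for _ in range(3):
        decoded = unquote_plus(uri)
        if decoded == uri:
            break
        uri = decoded
    return SQL_COMMENT_RE.sub(" ", uri)

def scan(lines, slow_seconds=3.0):
    """Return one finding per request whose URI carries a SQL delay primitive."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not DELAY_RE.search(normalize(m["uri"])):
            continue
        findings.append({
            "ip": m["ip"],
            "uri": m["uri"],
            # A slow response suggests the injected delay actually executed.
            "delay_observed": float(m["rt"]) >= slow_seconds,
        })
    return findings

# Constructed sample lines (documentation IP ranges, hypothetical parameter name).
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "GET /index.php?example_param=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "curl/8.0" 5.012',
    '198.51.100.9 - - [10/Mar/2025:10:00:09 +0000] "GET /index.php?example_param=1%2520AND%2520SLEEP%252F**%252F(5) HTTP/1.1" 200 512 "-" "-" 0.041',
    '192.0.2.44 - - [10/Mar/2025:10:01:30 +0000] "GET /?s=sleep+tips HTTP/1.1" 200 9000 "-" "Mozilla/5.0" 0.120',
    '192.0.2.44 - - [10/Mar/2025:10:02:00 +0000] "GET /wp-cron.php HTTP/1.1" 200 0 "-" "-" 6.500',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Only query strings appear in access logs, so payloads sent in POST bodies need a WAF or application-level log to be seen. A finding with `delay_observed` set is the one to triage first.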

Am I affected?

You're affected if you use WPNakama. The advisory does not state specific version information.

Affected Products

WPNakama / WPNakama plugin for WordPress

How to fix

  1. Upgrade to WPNakama version 0.6.4 or later from the official GitHub repository: https://github.com/your-username/wpnakama-plugin/releases
  2. Immediate mitigations:
     - Restrict database access to only necessary users and roles.
     - Regularly update WordPress core, themes, and plugins to ensure you have the latest security patches.