Application : WordPress HD Webplayer
Versions Affected: < 1.1
Exploit : SQL Injection
Threat Level: Low
Fix: Unknown
Credit: Joinse7en
External Website: http://www.hdwebplayer.com
What does it mean, do I have to do anything, if so what?
HD Webplayer is a WordPress video player plugin. A malicious user could inject SQL commands to insert data into the MySQL database which could cause the system to fill up. The threat is fairly low but it is always worth keeping uptodate. Follow the instructions on the plugin website.
What happens if I leave it?
A malicious user can only insert data, therefore there is a possibility of the MySQL partition becoming full which would in turn crash MySQL and possibly the server.