A time-based blind SQL injection vulnerability exists in the Read More & Accordion WordPress plugin (versions up to and including 3.5.7). The flaw resides in the `getAllDataByLimit()` and `getAccordionAllDataByLimit()` functions within `ReadMoreData.php`, where user-supplied input via the `orderby` parameter is improperly sanitized before being concatenated into an ORDER BY clause. The code applies `esc_s [truncated]
The Read More & Accordion plugin for WordPress is vulnerable to privilege escalation in all versions up to and including 3.5.7. The vulnerability exists in the `RadMoreAjax::importData` function, which fails to restrict which database tables can be written to during import operations and does not properly validate imported data. This allows authenticated attackers with permissions granted through the plug [truncated]
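The two advisories above describe the same underlying mistake twice: request-controlled values (an `orderby` column name, an import table name) are treated as data to be escaped when they are actually SQL identifiers that must be matched against a fixed allowlist. The PHP below is an added illustration written for this page; it is not the plugin's code and reproduces nothing from `ReadMoreData.php` or `RadMoreAjax::importData`. The function names, the `example_items` table and its column list, and the `FakeWpdb` stand-in for WordPress's `$wpdb` are all assumptions so that the file runs with plain `php` outside WordPress. The first half shows why escaping does not stop an ORDER BY injection and the allowlist that does; the second half is a hardened import handler that refuses tables and columns the plugin does not own.

```php
<?php
// Added illustration, not the plugin's code. FakeWpdb is a stand-in for $wpdb
// that records the SQL it receives; table and column names are hypothetical.
class FakeWpdb {
    public $prefix = 'wp_';
    public $queries = [];

    // Minimal stand-in for wpdb::prepare(): %d becomes an integer, %s a quoted string.
    public function prepare($query, ...$args) {
        $i = 0;
        return preg_replace_callback('/%[ds]/', function ($m) use ($args, &$i) {
            $v = $args[$i++];
            return $m[0] === '%d' ? (string) (int) $v : "'" . addslashes((string) $v) . "'";
        }, $query);
    }
    public function get_results($sql) { $this->queries[] = $sql; return []; }
    public function insert($table, array $data) {
        $this->queries[] = "INSERT INTO $table " . json_encode($data);
        return 1;
    }
}

// 1. ORDER BY injection. Escaping only neutralises quote characters, and an ORDER BY
//    expression needs none: `id, SLEEP(5)` passes through addslashes()/esc_sql() unchanged
//    and is appended verbatim, which is the time-based blind pattern described above.
function get_all_data_by_limit_vulnerable(FakeWpdb $wpdb, $orderby, $order, $offset, $limit) {
    $orderby = addslashes($orderby);   // local stand-in for esc_sql(); alters nothing here
    $order   = addslashes($order);
    $sql = "SELECT * FROM {$wpdb->prefix}example_items ORDER BY $orderby $order LIMIT $offset, $limit";
    return $wpdb->get_results($sql);
}

// Hardened form: the column name must be one of a fixed set, the direction is forced to
// ASC/DESC, and the numeric LIMIT operands go through prepare() as %d.
const ALLOWED_ORDERBY = ['id', 'title', 'created_at'];

function get_all_data_by_limit_hardened(FakeWpdb $wpdb, $orderby, $order, $offset, $limit) {
    if (!in_array($orderby, ALLOWED_ORDERBY, true)) {
        $orderby = 'id';                 // unknown identifier: fall back, never interpolate it
    }
    $order = strtoupper((string) $order) === 'DESC' ? 'DESC' : 'ASC';
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}example_items ORDER BY $orderby $order LIMIT %d, %d",
        $offset, $limit
    );
    return $wpdb->get_results($sql);
}

// 2. Import handler. An importer that takes table names and rows from the request can be
//    pointed at any table. This version accepts only the plugin's own tables and only the
//    columns it knows, so rows aimed elsewhere (wp_usermeta is the constructed example below)
//    never reach insert(). In WordPress the caller must still check capability and nonce
//    first, e.g. current_user_can('manage_options') and check_ajax_referer().
const IMPORT_TABLES = ['example_items' => ['title', 'content', 'status']];

function import_data_hardened(FakeWpdb $wpdb, array $payload) {
    $written = 0;
    foreach ($payload as $table => $rows) {
        if (!isset(IMPORT_TABLES[$table]) || !is_array($rows)) {
            continue;                    // table not owned by the plugin: ignore it
        }
        $columns = array_flip(IMPORT_TABLES[$table]);
        foreach ($rows as $row) {
            if (!is_array($row)) continue;
            $clean = array_intersect_key($row, $columns);   // drop columns we did not declare
            $clean = array_map(function ($v) { return strip_tags((string) $v); }, $clean);
            if ($clean === []) continue;
            $wpdb->insert($wpdb->prefix . $table, $clean);
            $written++;
        }
    }
    return $written;
}

// Constructed inputs: an ORDER BY payload and an import payload naming a core table.
$wpdb = new FakeWpdb();
get_all_data_by_limit_vulnerable($wpdb, 'id, SLEEP(5)', 'ASC', 0, 10);
get_all_data_by_limit_hardened($wpdb, 'id, SLEEP(5)', 'ASC', 0, 10);
$count = import_data_hardened($wpdb, [
    'wp_usermeta'   => [['user_id' => 1, 'meta_key' => 'example_key', 'meta_value' => 'example']],
    'example_items' => [['title' => 'ok', 'status' => 'publish', 'id' => 999]],
]);
foreach ($wpdb->queries as $q) echo $q, PHP_EOL;   // the SLEEP() survives only in the first query
echo "rows written: $count", PHP_EOL;              // the wp_usermeta row and the stray `id` are dropped
```

Run it with `php example.php` and compare the two SELECT statements that are printed: the vulnerable one carries the `SLEEP(5)` expression untouched, the hardened one orders by the fallback column. WordPress also ships `sanitize_sql_orderby()`, but a fixed column allowlist as above is the simpler and stricter check, and the same allowlist idea (plugin-owned tables and declared columns only) is what closes the import path.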