Vulnerabilities

CVE-2014-5182

by Fred · 06/08/2014

Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.

Date published : 2014-08-06

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=834445%40yawpp&old=824042%40yawpp&sfp_email=&sfph_mail=#file36

http://codevigilant.com/disclosure/wp-plugin-yawpp-a1-injection

Similar

Tags: Cybersecurity Alert