Multiple SQL Injection Vulnerabilities in WassUp Plugin for WordPress
CVE-2008-0520

Currently unrated

Key Information:

Vendor: Wordpress
Status: Wassup Plugin
Vendor: CVE Published:; 31 January 2008

Summary

The WassUp plugin for WordPress, specifically versions 1.4 through 1.4.3, is susceptible to multiple SQL injection vulnerabilities. These weaknesses expose the application to remote attackers, allowing them to execute arbitrary SQL commands through manipulated parameters, namely 'from_date' and 'to_date'. This exploitation can lead to unauthorized data access and potential compromise of the site's integrity.

References

http://www.wpwp.org/archives/warning-security-bug-in-vers...

x_refsource_CONFIRM

https://www.exploit-db.com/exploits/5017

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/27525

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jan 31, 2008
Vulnerability Reserved
Jan 31, 2008