Eval Injection Vulnerability in Sniplets Plugin for WordPress
CVE-2008-1060

Currently unrated

Key Information:

Vendor: Wordpress
Status: Sniplets Plugin
Vendor: CVE Published:; 28 February 2008

Summary

The Sniplets plugin for WordPress versions 1.1.2 and 1.2.2 suffers from an eval injection vulnerability that allows remote attackers to execute arbitrary PHP code. By manipulating the 'text' parameter in modules/execute.php, an attacker can gain unauthorized access and execute malicious scripts, which poses significant security risks to the website. It is crucial for users of this plugin to apply necessary security measures or updates to mitigate potential exploits.

References

http://secunia.com/advisories/29099

third-party-advisoryx_refsource_SECUNIA

https://www.exploit-db.com/exploits/5194

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/archive/1/488734/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 28, 2008
Vulnerability Reserved
Feb 28, 2008