SQL Injection Flaw in WP-RecentComments Plugin for WordPress
CVE-2012-1067

Currently unrated

Key Information:

Vendor

Wordpress
Status
WP-recentcomments
Vendor
CVE Published:
14 February 2012

What is CVE-2012-1067?

The WP-RecentComments plugin version 2.0.7 for WordPress contains a vulnerability that permits remote attackers to execute arbitrary SQL commands. This can occur through improper handling of the 'id' parameter within the 'rc-content' action in the index.php file, which can lead to serious data breaches and unauthorized access to the database. Attackers can leverage this weakness to manipulate database queries, potentially exfiltrating sensitive information or compromising the integrity of the application's data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://osvdb.org/78820
vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/47870
third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/72951
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.