SQL Injection Flaw in WP-RecentComments Plugin for WordPress
CVE-2012-1067
Currently unrated
Summary
The WP-RecentComments plugin version 2.0.7 for WordPress contains a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands. The flaw is improper handling of the 'id' parameter in the 'rc-content' action of the index.php file, and it can lead to serious data breaches and unauthorized access to the database. Attackers can use this weakness to manipulate database queries, potentially exfiltrating sensitive information or compromising the integrity of the application's data.
Timeline
Vulnerability published
Vulnerability reserved