SQL Injection Vulnerability in Pay With Tweet Plugin for WordPress
CVE-2012-5350

Currently unrated

Key Information:

Vendor: Wordpress
Status: Pay-with-tweet
Vendor: CVE Published:; 9 October 2012

What is CVE-2012-5350?

A SQL injection vulnerability exists in the Pay With Tweet plugin for WordPress, allowing remote authenticated users with specific permissions to manipulate database queries through the 'id' parameter in a paywithtweet shortcode. This flaw could lead to unauthorized SQL commands being executed, posing a security risk to WordPress installations utilizing this plugin. Site administrators are advised to update to the latest version to mitigate this risk.

References

http://www.osvdb.org/78204

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/51308

vdb-entryx_refsource_BID

http://www.exploit-db.com/exploits/18330

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2012
Vulnerability Reserved
Oct 9, 2012

Wordpress

What is CVE-2012-5350?

References

Timeline