SQL Injection Vulnerability in Landing Pages Plugin for WordPress
CVE-2013-6243

Currently unrated

Key Information:

Vendor: Wordpress
Status: Landing Pages Plugin
Vendor: CVE Published:; 23 October 2013

Summary

A SQL injection vulnerability exists in the Landing Pages plugin for WordPress, specifically in versions prior to 1.2.3 and those released before October 9, 2013. This flaw allows remote attackers to execute arbitrary SQL commands through the manipulation of the 'post' parameter in index.php, posing risks to the integrity and confidentiality of the database.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/87803

vdb-entryx_refsource_XF

http://plugins.trac.wordpress.org/changeset?reponame=&old...

x_refsource_CONFIRM

http://osvdb.org/98334

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Oct 23, 2013
Vulnerability Reserved
Oct 23, 2013