SQL Injection Vulnerability in Another WordPress Classifieds Plugin by WordPress
CVE-2014-10013

Currently unrated

Key Information:

Vendor: Wordpress
Status: Another WordPress Classifieds Plugin
Vendor: CVE Published:; 13 January 2015

Summary

The Another WordPress Classifieds Plugin for WordPress contains an SQL injection vulnerability that allows remote attackers to manipulate the database. This security flaw occurs via the keywordphrase parameter within the dosearch action, enabling attackers to execute arbitrary SQL commands. Exploitation of this vulnerability could lead to unauthorized access to sensitive information or data manipulation, compromising the integrity of the affected system.

References

http://packetstormsecurity.com/files/129035/Another-WordP...

x_refsource_MISC

http://www.exploit-db.com/exploits/35204

exploitx_refsource_EXPLOIT-DB

https://exchange.xforce.ibmcloud.com/vulnerabilities/98589

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jan 13, 2015
Vulnerability Reserved
Jan 13, 2015