SQL Injection Vulnerability in Search Everything Plugin for WordPress
CVE-2014-2316

Currently unrated

Key Information:

Vendor: Wordpress
Status: Search Everything
Vendor: CVE Published:; 9 March 2014

What is CVE-2014-2316?

The Search Everything plugin for WordPress is affected by a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands via the 's' parameter to index.php. This security flaw could enable hackers to extract sensitive information from the database, compromise user data, and potentially take over the affected site. It is crucial for users of the plugin to update to version 7.0.3 or later to mitigate this risk and protect their WordPress installations.

References

http://www.securityfocus.com/bid/65765

vdb-entryx_refsource_BID

http://secunia.com/advisories/56820

third-party-advisoryx_refsource_SECUNIA

http://wordpress.org/plugins/search-everything/changelog/

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 9, 2014
Vulnerability Reserved
Mar 7, 2014

Wordpress

What is CVE-2014-2316?

References

Timeline