SQL Injection Vulnerability in Participants Database Plugin for WordPress
CVE-2014-3961

Currently unrated

Key Information:

Vendor

Wordpress
Status
Participants Database
Vendor
CVE Published:
4 June 2014

What is CVE-2014-3961?

The Participants Database plugin for WordPress suffers from a SQL injection vulnerability in its Export CSV feature. Attackers can exploit this weakness through a manipulated 'query' parameter in the 'output CSV' action, allowing them to execute arbitrary SQL commands. This vulnerability affects versions prior to 1.5.4.9 and poses a significant risk to websites utilizing the plugin. Website administrators are urged to update to the latest version promptly to mitigate the risk of data breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://packetstormsecurity.com/files/126878/WordPress-Par...
x_refsource_MISC
https://www.yarubo.com/advisories/1
x_refsource_MISC
http://www.exploit-db.com/exploits/33613
exploitx_refsource_EXPLOIT-DB

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.