SQL Injection Vulnerability in Participants Database Plugin for WordPress
CVE-2014-3961
Currently unrated
Summary
The Participants Database plugin for WordPress has a SQL injection vulnerability in its Export CSV feature. An attacker can supply a manipulated 'query' parameter in the 'output CSV' action to execute arbitrary SQL commands. Versions prior to 1.5.4.9 are affected, which poses a significant risk to websites using the plugin. Website administrators are urged to update promptly to the latest version (1.5.4.9 or later) to mitigate the risk of data breaches.
EPSS Score
8% chance of being exploited in the next 30 days.