SQL Injection Vulnerability in ENL Newsletter Plugin for WordPress
CVE-2014-4939

Currently unrated

Key Information:

Vendor: Wordpress
Status: Enl-newsletter
Vendor: CVE Published:; 11 July 2014

What is CVE-2014-4939?

An SQL injection vulnerability exists in the ENL Newsletter plugin version 1.0.1 for WordPress, enabling remote authenticated administrators to execute arbitrary SQL commands through the id parameter on the enl-add-new page within the wp-admin/admin.php interface. This flaw poses significant security risks, allowing potential exploitation that can compromise database integrity and expose sensitive information.

References

http://codevigilant.com/disclosure/wp-plugin-enl-newslett...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 11, 2014

Wordpress

What is CVE-2014-4939?

References

Timeline