CVE-2014-5182

Currently unrated

Key Information:

Vendor: Wordpress
Status: YaWPp
Vendor: CVE Published:; 6 August 2014

Summary

Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.

References

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

x_refsource_CONFIRM

http://codevigilant.com/disclosure/wp-plugin-yawpp-a1-inj...

x_refsource_MISC

http://wordpress.org/plugins/yawpp/changelog/

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 6, 2014