SQL Injection Vulnerabilities in Yawpp Plugin for WordPress
CVE-2014-5182
Currently unrated
Summary
The Yawpp plugin (version 1.2) for WordPress contains multiple SQL injection vulnerabilities that allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands. The flaws are in code in the files admin_functions.php and admin_update.php. They are reachable through specific request parameters, notably the 'id' parameter of the update action sent to wp-admin/admin.php, and exploitation can potentially compromise the system's integrity.