SQL Injection Flaw in Content Audit Plugin for WordPress by WordPress
CVE-2014-5389

Currently unrated

Key Information:

Vendor: Wordpress
Status: Content Audit
Vendor: CVE Published:; 6 October 2014

Summary

An SQL injection vulnerability exists in the Content Audit plugin for WordPress, specifically in the content-audit-schedule.php file. This issue allows remote attackers to execute arbitrary SQL commands through the 'Audited content types' option in the content-audit page. If exploited, this vulnerability can enable attackers to manipulate the database, potentially leading to unauthorized access or data exfiltration.

References

http://packetstormsecurity.com/files/128525/WordPress-Con...

x_refsource_MISC

http://www.securityfocus.com/bid/70214

vdb-entryx_refsource_BID

https://security.dxw.com/advisories/blind-sqli-vulnerabil...

x_refsource_MISC

Timeline

Vulnerability published
Oct 6, 2014
Vulnerability Reserved
Aug 22, 2014