SQL Injection Vulnerability in WP Symposium Plugin by WordPress
CVE-2014-8810

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP Symposium
Vendor: CVE Published:; 24 December 2014

What is CVE-2014-8810?

The WP Symposium plugin for WordPress contains a vulnerability that allows authenticated remote users to perform SQL injection attacks through the tray parameter in the getMailMessage action. This flaw can lead to execution of arbitrary SQL commands, which may compromise the integrity and confidentiality of the data in the database. It is crucial for users and administrators to update to version 14.11 or later to mitigate this security risk.

References

http://security.szurek.pl/wp-symposium-1410-multiple-xss-...

x_refsource_MISC

http://www.exploit-db.com/exploits/35505

exploitx_refsource_EXPLOIT-DB

http://secunia.com/advisories/62643

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 24, 2014
Vulnerability Reserved
Nov 13, 2014

Wordpress

What is CVE-2014-8810?

References

Timeline