CVE-2014-8810

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP Symposium
Vendor: CVE Published:; 24 December 2014

Summary

SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action.

References

http://security.szurek.pl/wp-symposium-1410-multiple-xss-...

x_refsource_MISC

http://www.exploit-db.com/exploits/35505

exploitx_refsource_EXPLOIT-DB

http://secunia.com/advisories/62643

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Dec 24, 2014
Vulnerability Reserved
Nov 13, 2014