SQL Injection Vulnerability in Google Doc Embedder Plugin for WordPress
CVE-2014-9173

Currently unrated

Key Information:

Vendor: Wordpress
Status: Google Doc Embedder
Vendor: CVE Published:; 2 December 2014

Summary

The Google Doc Embedder plugin for WordPress prior to version 2.5.15 is susceptible to a SQL injection vulnerability. This issue arises from improper validation of user inputs in the view.php file, specifically the gpid parameter. As a result, remote attackers can inject arbitrary SQL commands, potentially compromising the security of the database and the integrity of the WordPress site. This vulnerability underscores the need for immediate updates to safeguard against unauthorized database access and exploitation.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/98944

vdb-entryx_refsource_XF

https://plugins.trac.wordpress.org/changeset/1023572/goog...

x_refsource_CONFIRM

http://security.szurek.pl/google-doc-embedder-2514-sql-in...

x_refsource_MISC

Timeline

Vulnerability published
Dec 2, 2014
Vulnerability Reserved
Dec 2, 2014