SQL Injection Vulnerability in All In One WP Security & Firewall Plugin by WordPress
CVE-2015-0894

Currently unrated

Key Information:

Vendor: Wordpress
Status: All In One WordPress Security And Firewall
Vendor: CVE Published:; 7 March 2015

Summary

The All In One WP Security & Firewall plugin for WordPress contains a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands. This can have detrimental effects on the security of the site, potentially leading to unauthorized access to sensitive data. Users are advised to upgrade to version 3.8.8 or later to mitigate the risk and secure their websites.

References

https://wordpress.org/plugins/all-in-one-wp-security-and-...

x_refsource_CONFIRM

http://jvn.jp/en/jp/JVN30832515/index.html

third-party-advisoryx_refsource_JVN

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000037

third-party-advisoryx_refsource_JVNDB

Timeline

Vulnerability published
Mar 7, 2015
Vulnerability Reserved
Jan 8, 2015