Blind SQL Injection in Filedownload Plugin for WordPress
CVE-2015-1000003

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Filedownload
Vendor: CVE Published:; 6 October 2016

Summary

The Filedownload plugin for WordPress version 1.4 is susceptible to Blind SQL Injection, allowing an attacker to execute unauthorized SQL queries. This vulnerability could lead to the extraction of sensitive information directly from the database, potentially compromising user data and application integrity. Mitigation efforts are recommended to secure your WordPress environment and protect against potential exploitation.

References

http://www.vapidlabs.com/advisory.php?v=140

x_refsource_MISC

http://www.securityfocus.com/bid/97106

vdb-entryx_refsource_BID

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 6, 2016
Vulnerability Reserved
Jun 7, 2016