Blind SQL Injection Vulnerability in Dukapress Plugin by WordPress
CVE-2015-1000011

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Dukapress
Vendor: CVE Published:; 6 October 2016

Summary

A Blind SQL Injection vulnerability exists in the Dukapress plugin for WordPress version 2.5.9, which can allow an attacker to manipulate database queries and gain unauthorized access to sensitive information. By exploiting this flaw, attackers can execute arbitrary SQL commands, potentially leading to data breaches and compromising the integrity of a WordPress site. It is crucial for users of this plugin to apply relevant security patches to mitigate potential risks.

References

http://www.vapidlabs.com/advisory.php?v=152

x_refsource_MISC

http://www.securityfocus.com/bid/94567

vdb-entryx_refsource_BID

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 6, 2016
Vulnerability Reserved
Jun 7, 2016