SQL Injection Vulnerabilities in WonderPlugin Audio Player for WordPress
CVE-2015-2199

Currently unrated

Key Information:

Vendor

Wordpress
Status
Audio Player
Vendor
CVE Published:
3 March 2015

What is CVE-2015-2199?

The WonderPlugin Audio Player plugin for WordPress prior to version 2.1 is susceptible to multiple SQL injection vulnerabilities. Remote authenticated users can exploit these vulnerabilities to execute arbitrary SQL commands through various parameters in admin AJAX actions, thereby compromising the integrity of the database. Additionally, remote administrators may leverage the vulnerabilities in specific admin pages to manipulate data, posing significant risks to application security. It is crucial for users to update to the latest version to mitigate these threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://security.szurek.pl/wonderplugin-audio-player-20-bl...
x_refsource_MISC
http://osvdb.org/show/osvdb/118508
vdb-entryx_refsource_OSVDB
http://www.exploit-db.com/exploits/36086
exploitx_refsource_EXPLOIT-DB

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.