SQL Injection Vulnerability in Photocrati Theme for WordPress
CVE-2015-2216
Currently unrated
Summary
The Photocrati theme version 4.x for WordPress contains an SQL injection vulnerability in the ecomm-sizes.php file. The flaw allows remote attackers to manipulate SQL queries through the 'prod_id' parameter. Successful exploitation can lead to unauthorized data access or modification, compromising the integrity and confidentiality of the database. Users should apply patches and follow security best practices to mitigate this risk.
References
EPSS Score
5% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved