SQL Injection Vulnerabilities in Simple Ads Manager Plugin by WordPress
CVE-2015-2824

Currently unrated

Key Information:

Vendor: Wordpress
Status: Simple Ads Manager
Vendor: CVE Published:; 6 April 2015

Summary

The Simple Ads Manager plugin for WordPress has multiple SQL injection vulnerabilities that allow attackers to execute arbitrary SQL commands remotely. These vulnerabilities can be exploited through specific parameters in the plugin's AJAX controllers, enabling unauthorized access to the database. This could lead to data exposure, data manipulation, or even complete takeover of the site if exploited successfully. It is recommended to update to version 2.7.97 or later to mitigate these risks.

References

http://www.securityfocus.com/archive/1/535168/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://plugins.trac.wordpress.org/changeset/1136202/simp...

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/535165/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 6, 2015
Vulnerability Reserved
Apr 1, 2015