SQL Injection Flaw in FeedWordPress Plugin Affects WordPress Users
CVE-2015-4018

Currently unrated

Key Information:

Vendor

Wordpress

Vendor
CVE Published:
21 May 2015

What is CVE-2015-4018?

A vulnerability exists in the FeedWordPress plugin for WordPress, allowing remote authenticated users to manipulate SQL commands. This flaw is located in the file feedwordpresssyndicationpage.class.php and can be exploited through the link_ids[] parameter during an Update action in syndication.php. By leveraging this vulnerability, malicious users may execute arbitrary SQL queries, potentially leading to unauthorized access and data manipulation.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
The Cyber Security Vulnerability Database.