SQL Injection Flaw in FeedWordPress Plugin Affects WordPress Users
CVE-2015-4018

Currently unrated

Key Information:

Vendor: Wordpress
Status: FeedWordPress
Vendor: CVE Published:; 21 May 2015

Summary

A vulnerability exists in the FeedWordPress plugin for WordPress, allowing remote authenticated users to manipulate SQL commands. This flaw is located in the file feedwordpresssyndicationpage.class.php and can be exploited through the link_ids[] parameter during an Update action in syndication.php. By leveraging this vulnerability, malicious users may execute arbitrary SQL queries, potentially leading to unauthorized access and data manipulation.

References

https://wordpress.org/plugins/feedwordpress/changelog/

x_refsource_CONFIRM

https://www.exploit-db.com/exploits/37067/

exploitx_refsource_EXPLOIT-DB

http://seclists.org/fulldisclosure/2015/May/75

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
May 21, 2015
Vulnerability Reserved
May 18, 2015