CVE-2015-4018

Currently unrated

Key Information:

Vendor: Wordpress
Status: FeedWordPress
Vendor: CVE Published:; 21 May 2015

Summary

SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php.

References

https://wordpress.org/plugins/feedwordpress/changelog/

x_refsource_CONFIRM

https://www.exploit-db.com/exploits/37067/

exploitx_refsource_EXPLOIT-DB

http://seclists.org/fulldisclosure/2015/May/75

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
May 21, 2015
Vulnerability Reserved
May 18, 2015