SQL Injection Vulnerability in Gocodes Plugin for WordPress
CVE-2015-9398

8.8HIGH

Key Information:

Vendor

Wordpress
Status
Gocodes
Vendor
CVE Published:
20 September 2019

What is CVE-2015-9398?

The Gocodes plugin for WordPress has a security flaw that allows an SQL injection attack via the 'gcid' parameter in the wp-admin/tools.php file. This vulnerability can be exploited by an unauthenticated attacker to manipulate database queries, potentially leading to unauthorized access to sensitive information or data corruption. Users of the Gocodes plugin are highly encouraged to update to the latest version to mitigate the risks associated with this vulnerability.

References

https://wpvulndb.com/vulnerabilities/8322
x_refsource_MISC
https://wordpress.org/plugins/gocodes/#developers
x_refsource_MISC
http://cinu.pl/research/wp-plugins/mail_7ab7e224de198b2ed...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.