SQL Injection Vulnerability in Plugmatter Opt-In Feature Box Lite Plugin for WordPress
CVE-2015-9451
9.8CRITICAL
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 7 October 2019
What is CVE-2015-9451?
The Plugmatter Opt-In Feature Box Lite plugin for WordPress, prior to version 2.0.14, is susceptible to SQL injection through the pmfb_tid parameter in admin-ajax.php when the pmfb_mailchimp action is invoked. This vulnerability allows attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data or the execution of arbitrary SQL commands.