Lucene search
Dimitrios TsagkarakisPATCHSTACK:9EEDD3886253EF681C8A561F1AF0C50DHistoryJun 03, 2017 - 12:00 a.m.
WordPress WP-Testimonials plugin <=3.4.1 - SQL Injection vulnerability
2017-06-0300:00:00
Dimitrios Tsagkarakis
patchstack.com
8
EPSS
0.001
Percentile
46.8%
WordPress WP-Testimonials plugin is prone to SQL injection vulnerability. The vulnerability allows an authenticated user to execute arbitrary SQL commands via the “testid” parameter to wp-admin/admin.php
Solution
WordPress WP-Testimonials plugin removed from WordPress plugin directory. We suggest you deactivate and remove plugin for safety reasons.
Update (06.26.2017) - plugin still not available on WordPress plugin directory, plugin vendor website unreachable.
Related
nvd
nvd
CVE-2017-9418
2017-06-12 13:29:00
exploitpack
exploitpack
WordPress Plugin WP-Testimonials 3.4.1 - SQL Injection
2017-06-03 00:00:00
packetstorm
packetstorm
WordPress WP-Testimonials SQL Injection
2017-06-03 00:00:00
zdt
zdt
WordPress WP-Testimonials Plugin < 3.4.1 - SQL Injection Vulnerability
2017-06-13 00:00:00
cvelist
cvelist
CVE-2017-9418
2017-06-12 13:00:00
prion
prion
Sql injection
2017-06-12 13:29:00
wpvulndb
wpvulndb
WP-Testimonials - Authenticated SQL Injection
2017-06-02 00:00:00
cve
cve
CVE-2017-9418
2017-06-12 13:29:00
exploitdb
exploitdb
WordPress Plugin WP-Testimonials < 3.4.1 - SQL Injection
2017-06-03 00:00:00