Lucene search
Kacper SzurekPATCHSTACK:BBA74127BB66374575EC0A94C46A574EHistoryMar 03, 2015 - 12:00 a.m.
WordPress Audio Player Plugin <= 2.0 - Multiple SQL Injection
2015-03-0300:00:00
Kacper Szurek
patchstack.com
4
0.005 Low
EPSS
Percentile
77.5%
Because of these vulnerabilities, the administrators can execute arbitrary SQL commands via the “itemid” parameter in the wonderplugin_audio_show_item. Also, an authenticated user can execute arbitrary SQL commands via the “item[id]” parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php.
Solution
Update the plugin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| audio player | le | 2.0 |
Related
nvd
nvd
CVE-2015-2199
2015-03-03 19:59:05
prion
prion
Sql injection
2015-03-03 19:59:00
cve
cve
CVE-2015-2199
2022-10-03 16:16:09
cvelist
cvelist
CVE-2015-2199
2022-10-03 16:16:09
wpvulndb
wpvulndb
WonderPlugin Audio Player 2.0 - Blind SQL Injection & XSS
2015-02-19 00:00:00
kaspersky
kaspersky
KLA10491 Multiple vulnerabilities in WordPress plugins
2015-03-17 00:00:00