WordPress freshmail-newsletter plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. freshmail-newsletter is an email marketing and newsletter plugin used in it. A SQL injection vulnerability exists in WordPress...
CVE-2015-9496
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring...
Sql injection
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring...
CVE-2015-9496
CVE-2015-9496 affects the WordPress plugin “freshmail-newsletter” prior to version 1.6. The vulnerability is a SQL Injection in shortcode.php via the FM_form id= substring, caused by missing validation/sanitization of the shortcode attribute before including it in a SQL query. Exploitation is fea...
CVE-2015-9496
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring...
WordPress Plugin Freshmail 1.5.8 - shortcode.php SQL Injection
WordPress Plugin Freshmail 1.5.8 - shortcode.php SQL Injection Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail 1 Google Dork: N/A Date: 05/05/2015 Exploit Author: Felipe Molina de la Torre @felmoltor Vendor Homepage: http://freshmail.com/ Software Link:...
WordPress Freshmail Plugin <= 1.5.8 - SQL Injection
Freshmail plugin is prone to an SQL injection that exists in the "id" parameter via shortcode.php. It allows shortcodes to be inserted without an administrator's permission when a page is being edited. Solution: Update the plugin...
WordPress Plugin Freshmail 1.5.8 - 'shortcode.php' SQL Injection
Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail 1 Google Dork: N/A Date: 05/05/2015 Exploit Author: Felipe Molina de la Torre @felmoltor Vendor Homepage: http://freshmail.com/ Software Link: https://downloads.wordpress.org/plugin/freshmail-newsletter.latest-stable.zip Version:...
WordPress Plugin Freshmail 1.5.8 - SQL Injection
Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail 1 Google Dork: N/A Date: 05/05/2015 Exploit Author: Felipe Molina de la Torre @felmoltor Vendor Homepage: http://freshmail.com/ Version: getrow'select from '.$wpdb-prefix.'fmforms where formid="'.$result'fmformid'.'";'...
WordPress Plugin Freshmail 1.5.8 - SQL Injection
WordPress Plugin Freshmail 1.5.8 - SQL Injection Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail 1 Google Dork: N/A Date: 05/05/2015 Exploit Author: Felipe Molina de la Torre @felmoltor Vendor Homepage: http://freshmail.com/ Version: getrow'select from '.$wpdb-prefix.'fmforms...
WordPress Freshmail 1.5.8 SQL Injection
------------------------ ISSUE 1: Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail 1 Google Dork: N/A Date: 05/05/2015 Exploit Author: Felipe Molina de la Torre @felmoltor Vendor Homepage: http://freshmail.com/ Software Link:...
Wordpress Freshmail Plugin 1.5.8 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Unauthenticated SQL Injection on Wordpress Freshmail 1 Google Dork: N/A Date: 05/05/2015 Exploit Author: Felipe Molina de la Torre @felmoltor Vendor Homepage: http://freshmail.com/ Version: getrow'select from '.$wp...
Freshmail for WordPress <= 1.5.8 - shortcode.php SQL Injection
There is a SQL Injection vulnerability available for collaborators or higher privileged users for webs with freshmail plugin installed. The SQL Injection is located in the attribute "id" of the inserted shortcode FMform id="N". The shortcode attribute "id" is not sanitized before inserting it in ...