13 matches found
SQL Injection
WordPress is vulnerable to SQL injection. The $wpdb->prepare method creates and executes arbitrary SQL statements within plugins and themes...
CVE-2017-16510
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723...
Sql injection
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723...
CVE-2017-16510
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723...
CVE-2017-16510
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723...
wordpress -- multiple issues
WordPress developers report: WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we've added hardening to prevent plugins a...
WordPress <=4.8.2 - potential SQL injection (SQLi), $wpdb->prepare() issue, possible unsafe queries
Possible security issue found by Anthony Ferrara in WordPress versions <=4.8.2. WordPress is not vulnerable itself, but themes or plugins could trigger the vulnerability. Solution: Update WordPress to the latest available version, at least version 4.8.3...
Sql injection
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks...
CVE-2017-14723
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks...
CVE-2017-14723
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks...
EUVD-2017-6220
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks...
WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
...
WordPress AdRotate plugin <= 3.6.6 - SQL Injection
No description provided by source. Exploit Title: WordPress AdRotate plugin <= 3.6.6 SQL Injection Vulnerability Date: 2011-11-8 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/adrotate.3.6.6.zip Version: 3.6.6 tested Note:...