WordPress Plugin Vulnerabilities

Easy Social Icons < 1.2.4 - Authenticated SQL Injection

Description

The Easy Social Icons WordPress plugin was affected by an Authenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
easy-social-icons
Fixed in 1.2.4

References

URL
http://cinu.pl/research/wp-plugins/mail_eda543df27bb7db4111b7d22edf3dc42.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
03b5239b-77d2-4ddd-85a0-14915d9a9806

Timeline

Publicly Published
2015-07-22 (about 10 years ago)
Added
2015-11-23 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2023-10-18
Title
GeoDirectory < 2.3.29 - Authenticated (Administrator+) SQL Injection via orderby
Published
2024-04-16
Title
SP Project & Document Manager <= 4.71 - Authenticated (Author+) SQL Injeciton
Published
2023-04-24
Title
HTTP Headers < 1.18.8 - Admin+ SQL Injection
Published
2025-06-03
Title
WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates < 2.9.7 - Unauthenticated SQL Injection
Published
2024-12-05
Title
KiviCare – Clinic & Patient Management System (EHR) < 3.6.5 - Unauthenticated SQL Injection