WordPress Plugin Vulnerabilities

wp-championship <= 5.8 - Authenticated Blind SQL Injection

Description

The wp-championship WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
wp-championship
Fixed in 5.9

References

CVE
CVE-2015-5308

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
Larry W. Cashdollar
Submitter twitter
_larry0
Verified
No
WPVDB ID
071b39e9-c4dd-40cc-91b8-773b361df622

Timeline

Publicly Published
2015-10-23 (about 10 years ago)
Added
2015-10-27 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2024-07-04
Title
Paid Memberships Pro < 3.0.6 - Authenticated (Administrator+) SQL Injection
Published
2026-01-08
Title
Lead Capturing Pages <= 2.5 - Unauthenticated SQL Injection
Published
2023-12-21
Title
Pre* Party Resource Hints < 1.8.20 - Admin+ SQLi
Published
2022-11-07
Title
WP User Merger < 1.5.3 - Admin+ SQLi via user_id
Published
2017-08-08
Title
Loginizer <= 1.3.5 - Blind SQL Injection