WordPress Plugin Vulnerabilities

WP Multiple Meta Box 1.0 - Authenticated Blind SQL Injection

Description

The multi-meta-box WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
multi-meta-box
No known fix

References

URL
http://www.vulnerability-lab.com/get_content.php?id=1818
URL
https://seclists.org/fulldisclosure/2016/Apr/35

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
Yes
WPVDB ID
148d8cf2-95c0-4978-a065-e725b9f7d150

Timeline

Publicly Published
2016-04-08 (about 10 years ago)
Added
2016-04-12 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2021-10-14
Title
WP Fastest Cache < 0.9.5 - Subscriber+ SQL Injection
Published
2026-03-23
Title
JetEngine < 3.8.6.2 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter
Published
2024-06-04
Title
Email Subscribers by Icegram Express < 5.7.21 - Unauthenticated SQL Injection via hash
Published
2025-11-21
Title
PopupKit < 2.2.0 - Authenticated (Subscriber+) SQL Injection
Published
2019-10-31
Title
WP Google Review Slider <= 6.1 - Authenticated SQL Injection