WordPress Plugin Vulnerabilities

Plugmatter Optin Feature Box <= 2.0.13 - Unauthenticated Blind SQL Injection

Description

The Plugmatter Optin Feature Box WordPress plugin was affected by an Unauthenticated Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
plugmatter-optin-feature-box-lite
Fixed in 2.0.14

References

CVE
CVE-2015-9451
CVE
CVE-2015-9450
URL
http://cinu.pl/research/wp-plugins/mail_ec951d52aa603c9caaca8c7005b84004.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
16ec9e98-1519-462a-b3c2-62c5946f39d0

Timeline

Publicly Published
2015-07-16 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
wordpress-simple-shout-box - SQL Injection
Published
2014-08-01
Title
FireStorm Professional Real Estate - Multiple SQL Injection
Published
2024-12-14
Title
Critical Site Intel <= 1.0 - Unauthenticated SQL Injection
Published
2023-03-22
Title
Events Made Easy <= 2.3.14 - Subscriber+ SQLi
Published
2022-12-20
Title
WP Pipes < 1.4.0 - Admin+ SQLi