WordPress Plugin Vulnerabilities

WordPress Facebook <= 1.0.13 - Authenticated SQL Injection

Description

http://www.defensecode.com/advisories/DC-2017-04-011_WordPress_Facebook_Plugin_Advisory.pdf

Proof of Concept

Affects Plugins

Plugin icon
spider-facebook
Fixed in 1.0.14

References

URL
https://www.defensecode.com/advisories/DC-2017-04-011_WordPress_Facebook_Plugin_Advisory.pdf
URL
https://plugins.trac.wordpress.org/changeset/1631122/spider-facebook

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
Neven Biruski
Submitter website
http://www.defensecode.com
Submitter twitter
https://twitter.com/DefenseCode/
Verified
No
WPVDB ID
27e1be87-d06b-4425-86c4-86b42aade30f

Timeline

Publicly Published
2017-05-02 (about 9 years ago)
Added
2017-05-05 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2023-09-11
Title
Slimstat Analytics < 5.0.10 - Contributor+ SQL Injection
Published
2023-08-11
Title
Donations Made Easy - Smart Donations <= 4.0.12 - Admin+ SQLi
Published
2021-07-23
Title
Comment Highlighter <= 0.13 - Authenticated SQL Injection
Published
2025-04-05
Title
Broken Link Checker by AIOSEO < 1.2.4 - Authenticated (Contributor+) SQL Injection
Published
2023-05-11
Title
Slimstat Analytics < 5.0.5 - Admin+ SQLi