WordPress Plugin Vulnerabilities

Adminer <= 1.4.5 - Security Bypass

Description

The plugin is still affected and has been closed.

Proof of Concept

Affects Plugins

Plugin icon
adminer
No known fix

References

URL
https://sumofpwn.nl/advisory/2016/wordpress_adminer_plugin_allows_public__local__database_login.html

Miscellaneous

Original Researcher
David Vaartjes
Verified
No
WPVDB ID
32b9991c-ccd0-4f82-a75e-c286403b2ba9

Timeline

Publicly Published
2017-03-03 (about 9 years ago)
Added
2020-02-28 (about 6 years ago)
Last Updated
2020-02-29 (about 6 years ago)

Other

Published
Title
Published
2020-12-14
Title
Limit Login Attempts Reloaded < 2.17.4 - Login Rate Limiting Bypass
Published
2021-01-20
Title
123ContactForm for WordPress <= 1.5.6 - Unauthenticated Arbitrary Post Creation
Published
2018-02-08
Title
Swape Theme - Authentication Bypass and Stored XSS
Published
2024-09-17
Title
WP Hardening – Fix Your WordPress Security < 1.2.7 - Unauthenticated Security Feature Bypass to Username Enumeration
Published
2015-07-18
Title
WordPress Mobile Pack <= 2.1.2 - Information Disclosure