WordPress Plugin Vulnerabilities

Contextual Related Posts < 1.8.10.2 - Multiple Parameter SQL Injection

Description

The Contextual Related Posts WordPress plugin was affected by a contextual-related-posts.php Multiple Parameter SQL Injection security vulnerability.

Affects Plugins

Plugin icon
contextual-related-posts
Fixed in 1.8.10.2

References

CVE
CVE-2014-3937

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
7.3 (high)

Miscellaneous

Verified
No
WPVDB ID
33d5eee2-1dae-4f21-85d7-67fc11634c64

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-11-19 (about 5 years ago)

Other

Published
Title
Published
2024-06-19
Title
Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress < 1.2.6 - Authenticated (Contributor+) SQL Injection
Published
2021-07-24
Title
Simple Events Calendar <= 1.4.0 - Authenticated (admin+) SQL Injection
Published
2026-03-12
Title
WOLF – WordPress Posts Bulk Editor and Manager Professional < 1.0.9 - Authenticated (Editor+) SQL Injection
Published
2022-12-08
Title
Qe SEO Handyman <= 1.0 - Admin+ SQLi
Published
2023-10-03
Title
Video Gallery – YouTube Gallery < 2.2.6 - Admin+ SQLi