WordPress Plugin Vulnerabilities

YAWPP < 1.2.2 - SQL Injection

Description

The yawpp WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
yawpp
Fixed in 1.2.2

References

CVE
CVE-2014-5182
URL
https://codevigilant.com/disclosure/wp-plugin-yawpp-a1-injection/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
35031a38-023f-4808-8d5d-60f28b0a60f6

Timeline

Publicly Published
2014-09-19 (about 11 years ago)
Added
2014-09-19 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2026-03-25
Title
Amelia < 2.1.2 - Authenticated (Custom role+) SQL Injection
Published
2025-12-10
Title
List Category Posts < 0.92.0 - Authenticated (Contributor+) SQL Injection via Plugin's Shortcode
Published
2021-02-04
Title
wpDataTables < 3.4.1 - Unauthenticated SQL Injection
Published
2025-03-14
Title
School Management System – WPSchoolPress < 2.2.17 - Parent+ SQL Injection
Published
2025-06-13
Title
AutomatorWP < 5.2.6 - Authenticated (Administrator+) SQL Injection via field_conditions