WordPress Plugin Vulnerabilities

WTI Like Post < 1.4.3 - Unauthenticated Blind SQL Injection

Description

The WTI Like Post WordPress plugin was affected by an Unauthenticated Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
wti-like-post
Fixed in 1.4.3

References

CVE
CVE-2015-9466
URL
http://cinu.pl/research/wp-plugins/mail_576345187f5867ec8921b12de5884fb1.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
36402c45-f011-4978-ae1a-2f690e278115

Timeline

Publicly Published
2015-07-05 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-07-24
Title
WordPress Database Administrator <= 1.0.3 - Unauthenticated SQL Injection
Published
2026-05-11
Title
AI Chatbot & Workflow Automation by AIWU <= 1.4.17 - Unauthenticated SQL Injection in getListForTbl()
Published
2014-08-01
Title
File Groups <= 1.1.2 - SQL Injection
Published
2025-06-12
Title
Slim SEO < 4.5.5 - Authenticated (Administrator+) SQL Injection
Published
2023-11-20
Title
WP Mail Log < 1.1.3 - Editor+ SQL Injection via id