WP-DBManager < 2.7.2 – Authenticated Command Injection | CVE 2014-8334

Affects Plugins

wp-dbmanager

Fixed in 2.7.2

References

CVE

CVE-2014-8334

CVE

CVE-2014-8335

CVE

CVE-2014-8336

URL

https://github.com/lesterchan/wp-dbmanager/commit/7037fa8f61644098044379190d1d4bf1883b8e4a

Classification

Type

RCE

OWASP top 10

A1: Injection

CWE

CWE-94

CVSS

7.2 (high)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

38752494-cc25-4924-99c3-f03c181b0e9e

Timeline

Publicly Published

2014-10-13 (about 11 years ago)

Added

2014-10-15 (about 11 years ago)

Last Updated

2020-08-21 (about 5 years ago)

Other

Published

Title

Published

2025-03-28

Title

Shortcodes by United Themes < 5.1.7 - Unauthenticated Arbitrary Shortcode Execution

Published

2014-08-01

Title

PHP Shell Plugin

Published

2024-05-03

Title

WordPress Meta Data and Taxonomies Filter (MDTF) < 1.3.3.3 - Unauthenticated Arbitrary Shortcode Execution

Published

2025-03-10

Title

WPCS – WordPress Currency Switcher Professional < 1.2.0.5 - Unauthenticated Arbitrary Shortcode Execution

Published

2025-08-05

Title

Request a Quote Form Plugin < 2.5.3 - Unauthenticated Limited Remote Code Execution