WordPress Plugin Vulnerabilities

WordPress Zero Spam < 2.2.0 - Unauthenticated Blind SQL Injection

Description

The WordPress Zero Spam WordPress plugin was affected by an Unauthenticated Blind SQL Injection security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
zero-spam
Fixed in 2.2.0

References

URL
https://github.com/bmarshall511/wordpress-zero-spam/commit/269ac79aa199da629208190a24114c5551b77c71
URL
https://github.com/bmarshall511/wordpress-zero-spam/issues/135
URL
https://github.com/bmarshall511/wordpress-zero-spam/pull/138

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
Werner Alsemgeest
Verified
Yes
WPVDB ID
44cc8d59-9b45-46b7-afaf-894e4ba62dd5

Timeline

Publicly Published
2016-08-24 (about 9 years ago)
Added
2016-08-24 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-02-22
Title
Admin side data storage for Contact Form 7 <= 1.1.1 - Authenticated (Admin+) SQL Injection
Published
2025-11-07
Title
Quick Featured Images < 13.7.4 - Authenticated (Editor+) SQL Injection via delete_orphaned
Published
2026-01-15
Title
WooCommerce Frontend Manager – Ultimate < 6.7.6 - Authenticated (Subscriber+) SQL Injection
Published
2025-07-04
Title
Gallery Widget <= 1.2.1 - Authenticated (Contributor+) SQL Injection
Published
2016-06-06
Title
Double Opt-In for Download < 2.1.0 - Authenticated SQL Injection