WordPress Plugin Vulnerabilities

IndiaNIC Testimonial 2.2 - testimonial.php custom_query Parameter SQL Injection

Description

The Testimonial WordPress plugin was affected by a testimonial.php custom_query Parameter SQL Injection security vulnerability.

Affects Plugins

Plugin icon
indianic-testimonial
Fixed in 2.3

References

CVE
CVE-2013-5673
Exploitdb
28054
URL
https://packetstormsecurity.com/files/#123036/
URL
https://seclists.org/fulldisclosure/2013/Sep/5

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Verified
No
WPVDB ID
56afc2c7-aa68-4380-8988-6a63a8081d0a

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2014-08-01
Title
plugin WP-Forum 1.7.4 - Remote SQL Injection
Published
2024-12-14
Title
Advanced What should we write next about <= 1.0.3 - Authenticated (Subscriber+) SQL Injection
Published
2026-03-02
Title
Contest Gallery < 28.1.5 - Unauthenticated SQL Injection
Published
2026-03-26
Title
Simply Schedule Appointments < 1.6.9.29 - Authenticated (Contributor+) SQL Injection
Published
2026-04-08
Title
WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters < 4.9.2 - Unauthenticated SQL Injection