Google Document Embedder <= 2.5.14 – SQL Injection | CVE 2014-9173

Affects Plugins

google-document-embedder

Fixed in 2.5.15

References

CVE

CVE-2014-9173

Exploitdb

35371

URL

https://security.szurek.pl/google-doc-embedder-2514-sql-injection.html

URL

https://exchange.xforce.ibmcloud.com/vulnerabilities/98944

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

70f6178d-3b91-49bf-a0f7-7a202c98db58

Timeline

Publicly Published

2014-11-25 (about 11 years ago)

Added

2014-11-25 (about 11 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2024-09-06

Title

Pinpoint Booking System < 2.9.9.5.1- Authenticated (Subscriber+) SQL Injection

Published

2024-04-05

Title

ENL Newsletter <= 1.0.1 - Admin+ SQL Injection

Published

2018-09-05

Title

Image Intense <= 3.2.5 - Authenticated SQL Injection in shortcodes

Published

2025-05-20

Title

Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection

Published

2025-10-14

Title

External Login <= 1.11.2 - Unauthenticated SQL Injection via log